Schwab Password Length

Phil Derkum · January 11

Attempting to change Schwab password in my Password Vault I receive an Error Message telling me that a password longer than 14 characters is not allowed

This is not a Schwab limitation!

Sherlock · January 11

It may be the limitation Schwab provided for Quicken access. If you haven't already, I suggest you refresh the financial institution's profile: https://www.quicken.com/support/quicken-currently-unable-verify-financial-institution-information-download

If the issue persists, I suggest you deactivate the Online Services of all of the registers associated with the financial institution. After you have deactivated the Online Services of all the registers associated with the financial institution, when you activate the Online Services of one of the registers, Quicken should allow you to save the new password to the Password Vault. Quicken should provide a list of all of the accounts it finds at the financial institution and enable you to link the accounts to the appropriate existing registers.

thecreator · January 11

Hi @""Phil Derkum" ,

A Password Length of 14 Characters is long enough.

Go to: https://www.roboform.com/ Get RoboForm Free. It has a Password Generator included.

Go to: https://www.schwab.com/public/schwab/client_home and sign in. Change the password to a length of 14 characters. Include Special Characters other than the Special Characters, mentioned at: https://www.quicken.com/support/password-vault-your-bank-could-not-use-password-you-entered

"The cause could be that the bank account login password uses special characters that interfere with Quicken's ability to download transactions. These special characters can be (but are not limited to) the ampersand (&), left carat (<), right carat (>), backslash (\), and forward slash (/).

Log in to your bank's website.
Change your password to use characters other than special characters (such as &, <, >, \, or /). "

Phil Derkum · January 11

QUICK BUT INCORRECT ANSWER.

For those of us that have large Schwab accounts 14 is not enough. My current online Schwab password is 19 characters.

Definite bug in Quicken

Chris_QPW · January 11

Phil Derkum said:

QUICK BUT INCORRECT ANSWER.

For those of us that have large Schwab accounts 14 is not enough. My current online Schwab password is 19 characters.

Definite bug in Quicken

There's definitely a lot of misunderstanding about what is secure and isn't. For instance I put a random generated 14 character password that RoboForm created into this website

https://random-ize.com/how-long-to-hack-pass/?

It says it will take more than 49 billion years to crack it with brute Force guessing.

But frankly this is a whole useless line of thought. Financial institutions lock your account after about three wrong guesses.

Phil Derkum · January 11

I'm guessing that Schwab is overloaded and is throttling some capabilities to protect their system. I have run into a side effect of their throttle.

Chris_QPW · January 11

BTW don't take my answer to mean I don't think that Quicken (more likely Intuit) doesn't have a problem. I was only commenting about what is "secure".

The way I understand the system working is that Quicken Inc pays Intuit to maintain such information which it gets from the financial institutions. And it provides that information to Quicken when is suppose to use it to determine what is "good password" or not.

Needless to say there can be a "breakdown" of this information getting passed along.

Personally I think it is all the wrong approach. Quicken shouldn't be the "checker of good passwords". They should just accept any password (with in the limitation of the OFX standard which is 32-characters) and let the financial institution reject the password when connecting if it isn't a "good password".

But of course if they are going to have such a system, they do need to maintain it, and if the financial institution is allowing 19 character then that information should get to Quicken be correct.

Chris_QPW · January 11

I'm posting an update to my comment above now that I have some new information. Information that I never knew before and I don't think any of the other SuperUser's know.

"A little birdy" pointed out this information his OFX log:

<SIGNONREALM>Schwab

<MIN>6

<MAX>234

<CHARTYPE>ALPHAANDNUMERIC

<CASESEN>Y

<SPECIAL>Y

<SPACES>Y

<PINCH>N

<CHGPINFIRST>N

</SIGNONINFO>

</SIGNONINFOLIST>

So clearly at least for Direct Connect (which would be all investment accounts) the financial institutions are actually sending their password requirements. This information doesn't have to come through Intuit, and as such if it is out of date/wrong and Quicken is using it (and I see not reason why it wouldn't be using it) the clearly it should be an easy look in the OFX log kind of operation to see if it is wrong. And if it is then it is the financial institution that has to fix it.

This information isn't available for Express Web Connect accounts so most likely "through Intuit" and refresh the financial institution recommendations are correct for the accounts connected that way.

And given for Direct Connect that this information is coming directly from the financial institution it does make sense that Quicken "pre checks it" instead of just sending the "illegal" password as the user typed it and having it rejected.

BTW in reference to Charles Schwab. I don't have such an account, but the above information from the "little birdy" does, and clearly there isn't a 14 character restriction and he did test that in fact passwords greater than 14 characters work just fine.

Schwab Password Length

Comments