Security Concerns with Quicken

Suppose you run Quicken.  You enter your checkbook balance, and some checks that haven’t cleared the bank.  Then, you enter the password for your online account at the bank, and download your checking account history and/or your credit card history.

Now that you have synchronized your computer with your bank, Intuit (the makers of Quicken) could access all of that financial data too, if they wanted to.  Explanation: to display the data on the screen, Quicken has to be able to access the data.  To check for updates, Quicken has to access the Internet.  Would Quicken send any of my financial data across the Internet?  Apparently, more than one person has worried about that, so Intuit has written an answer, and posted it on their web site:

When Quicken does a software update, is it really doing an update, or is it stealing my financial info?

Another potential issue with Quicken is password vulnerabilities.  Note: this article is old (2002), and the issues may have already been fixed by Intuit.  Still, it shows that there is nothing magic about Quicken data protection, and that smart, determined people may figure out a way to extract your financial data from a Quicken data file.

Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities

It is interesting food for thought.

What to do:

a)      If you don’t want anyone else accessing your financial data, put Quicken on a computer than doesn’t connects to the Internet.

b)      If you want to do banking over the Internet, it would be good to review the section about security sandboxes and weigh the risks.  All your programs can access your quicken data.  If you are careful to get software from reputable sources, you have less risk.  If not, I would NOT recommend doing banking over the Internet, and I would keep Quicken on a computer that doesn’t connect to the Internet.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>