Add 2-Factor Authentication/Multi-Factor Authentication to App [edited] (2 Merged Votes)

Options
124»

Comments

  • somedude
    somedude Member
    Options

    New user, well not anymore. I'm voting with my feet. If security is not paramount on the front end I don't have any confidence for the backend. No thanks.

  • Adele F
    Adele F Member
    Options

    It is absurd to me that an application that has all of a person's financial information in it would not provide MFA. The web application needs it more than the desktop application as the web is much more accessible than an application on my desktop. I just subscribed to this service today and am very seriously considering canceling my subscription due to this major hole in security. Please get this addressed ASAP.

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭
    Options

    @Adele F For the web app, I'm prompted for text-message-code verification the first time i sign in on a new computer (or after clearing cookies) to the best of my knowledge. That is MFA for the web app. Some people would prefer Google Authenticator verification, but that is slightly less secure than Text Message verification because it's backed up to google and anyone with access to your google account (including, likely, google employees who may be able to reset your password or otherwise access it) can get those codes.


    Rob Wilkens

  • 5impl5abi
    5impl5abi Member ✭✭
    Options

    Clarification: "Google Authenticator" 2-step verification (2SV) is used synonymously with one-time passcode (OTP) authentication (learn more https://en.m.wikipedia.org/wiki/One-time_password ).

    Google's Authenticator is an easily recognized OTP app, but many, many apps support OTP. To be clear, OTP is more secure than SMS because it's not subject to SIM swapping and account takeover attacks ( https://en.m.wikipedia.org/wiki/SIM_swap_scam ).

    REQUEST: Quicken should support Username, Password, + OTP as a default option in 2024, especially since you aggregate, store, and process our financial information.

  • Quicken User
    Quicken User Member
    Options

    Please deploy OTP Multi-factor (Google Authenticator, Authy, etc.) as soon as possible. Quicken's existing multi-factor methods (SMS, phone, or email) are readily compromised. This is a finance app after all. Quicken is not following NIST best practices and this puts Quicken customer information at risk of being stolen.

  • internetperson
    internetperson Member
    Options

    Even Quicken's Chatbot AI correctly summarized that this state of affairs is "insane" — see attached! Please fix!

    Screenshot 2024-04-22 at 7.29.49 PM.png

  • quickdev
    quickdev Member
    Options

    +1 for this feature.

Categories