Current Info re Account Authentication Protocols

turtle
turtle Member
edited 7:35PM in Adding and Updating Accounts

Is Simplifi using OAUTH for all account connections, or does it depend on the financial institution. Old threads suggest the financial institution needs to support read only OAUTH for secure connections, but in the past, some financial institutions didn't support that (eg, Vanguard), so I think then Simplifi would instead turn over your log in creds to some third party like Plaid. What's the current state of these security affairs?

Tagged:

Answers

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited 7:46PM

    @turtle, thanks for posting your inquiry to the Community!

    Not all banks use an OAuth API connection, though most of the major banks have moved to this type of connection, or will likely do so soon. Some of the banks that are currently on an OAuth API connection are:

    • American Express
    • Capital One
    • Wells Fargo
    • Vanguard
    • Fidelity
    • Citibank
    • Chase Bank
    • Navy Federal Credit Union
    • USAA
    • PNC Bank
    • TD Bank
    • U.S. Bank
    • Robinhood
    • Charles Schwab

    The best way to determine if your bank is on an OAuth API connection is to try connecting in Quicken Simplifi. If you see a window that says "Authorization access required", then the bank is on OAuth.

    Screenshot 2025-12-05 at 12.44.39 PM.png

    Otherwise, we would use the traditional screenscraping method for any other banks, including banks that are supported on Plaid and Finicity.

    I hope this helps to answer your question!

    -Coach Natalie

  • turtle
    turtle Member
    edited 8:48PM

    Thank you. I connected to, eg, Citibank a long time ago, perhaps before they used OAUTH. Can I disconnect it and reconnect it without losing transaction data, including my own edits to downloads, maybe use the "reset connection" option in the menu next to the account in settings?

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    @turtle, thanks for the reply!

    If you were connected to Citi or any other OAuth bank before the bank migrated to OAuth, you would have been prompted to migrate your accounts. You will not be able to stay on the old connection type once the OAuth rollout is complete. In the case of Citi, the rollout was complete quite some time ago.

    With that, if you'd still like to establish a fresh connection for Citi in Quicken Simplifi, you may do so by following these steps:

    1. Make all of the accounts with the bank manual by following the steps here.
    2. Once you see the account(s) listed in the Manual Accounts section under Settings > Accounts, go back through the Add Account flow to reconnect to the bank.
    3. Carefully link the account(s) found to your existing Quicken Simplifi account(s) by following the steps here

    May I ask if you're experiencing a connection issue or something along those lines that is prompting these inquiries? Let us know so we can help, if so!

    -Coach Natalie

  • turtle
    turtle Member

    I'm just trying to be a more educated consumer when it comes to security and beef up everything possible while foregoing services if they're not following modern protocols/frameworks.

    Vanguard seems to disconnect. I think because I require an SMS code to get in??? I just tried to connect to see what the issue is and I get a Simplifi dialog window where I enter my Vanguard username and password. Can I assume this window doesn't mean that Simplifi is collecting my login information, but rather it is going straight to Vanguard to obtain a token for Simplifi's use?

  • turtle
    turtle Member

    Also, Quicken Classic Premier on Mac shows exactly what type of connection each account is using in the account settings. It would be helpful if Simplifi would show something for each account at the UI level indicating whether it has migrated to OAUTH. This is taking me a lot of time to sort everything out.

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    @turtle, that is correct that if the bank uses their own OAuth API connection, the token is granted by them directly, and Quicken Simplifi has no need to store your credentials. The page where you enter your credentials will not be in Quicken Simplifi; it will be a bank-hosted page.

    As for requesting the ability to see connection types in Quicken Simplifi, although I don't know how needed it would be since Quicken Simplifi doesn't offer most of the connection types offered in Quicken Classic (we only support Quicken Connect and EWC+), you can create an Idea post so other users can vote on it and our product team can review it. Our FAQ with more details on how to do so can be found here:

    https://community.simplifimoney.com/discussion/998/creating-and-voting-for-ideas-in-the-community

    I hope this helps!

    -Coach Natalie

Categories