Don't merge into closed threads

  • 1
  • 4
  • Question
  • Updated 4 months ago
  • Answered
I wanted to add my voice to a big concern of mine, and since the thread Please dump the Quicken ID requirement was closed, I created a new conversation.
A few minutes later, I find that a moderator, Quicken Colin, had merged my comments into that very same thread! Consequently, no one can reply or add on to it, as it's closed to new posts.
I guess I should be grateful that my post wasn't just taken down. However, if Quicken really values the feedback it gets from its forum subscribers, it should leave these Idea threads open until there is some acceptable resolution. By dumping posts into closed threads, you're basically telling Quicken users that the idea is not going anywhere and to stop bringing it up. At least you might give users some credible reasons why the idea is not being pursued.
Photo of SheamusPatt

SheamusPatt

  • 522 Points 500 badge 2x thumb

Posted 4 months ago

  • 1
  • 4
Photo of Bernie

Bernie

  • 412 Points 250 badge 2x thumb
I agree. If Quicken is serious about making the program better, they should LISTEN to EVERYONE's opinion.  
Photo of smayer97 (QM2007, CDN user since '92)

smayer97 (QM2007, CDN user since '92), SuperUser

  • 246,322 Points 100k badge 2x thumb
as a COMPLETE ASIDE, I like your choice of avatars...I grew up on that comic strip, in French...  ;-)
Photo of QPW

QPW

  • 340,320 Points 100k badge 2x thumb
Normally I would say that if they merged your comment into a closed thread it was a mistake.
But in this case I don't think it was.

The "suggestion" that the Quicken Id requirement be dumped is hardly new.
(And probably will never be changed for a lot of reasons.)

This forum is for feedback, but no for rants going on an on.

The thread the moderator put your comment in was an thread marked as an Idea for the same thing that you are suggesting.

The way Quicken Inc wants to determine the amount of people that want something is to vote on the ideas posted.

So as I see it, you got to add your statement and the only thing really missing is your vote.
Photo of QPW

QPW

  • 340,320 Points 100k badge 2x thumb
Actually I just checked that Idea thread.  And you did vote.  So in fact I see nothing missing.
Photo of smayer97 (QM2007, CDN user since '92)

smayer97 (QM2007, CDN user since '92), SuperUser

  • 246,322 Points 100k badge 2x thumb
FYI, Actually, the process of merging a reply to an IDEA thread automatically records the ID as a VOTE....so it is impossible to tell if the OP voted before the merged reply or the vote was recorded as a result of the merged reply.
Photo of QPW

QPW

  • 340,320 Points 100k badge 2x thumb
Oh, I didn't know that.  Well I guess that makes sense.
Photo of mshiggins

mshiggins, SuperUser

  • 373,612 Points 100k badge 2x thumb
Sometimes you want to comment as well as vote. There seems to be a lot more "cleaning" going on lately than there usually is.
Photo of smayer97 (QM2007, CDN user since '92)

smayer97 (QM2007, CDN user since '92), SuperUser

  • 246,322 Points 100k badge 2x thumb
Sorry...I just realized I described that incorrectly...a merged comment/reply into and IDEA thread automatically marks the FOLLOW flag, not the VOTE flag...The VOTE flag is only merged IF merging from one IDEA thread to another IDEA thread AND the user already added a VOTE to the first thread.

Sorry about the previous error.

SO, in this case, in actual fact, either way the OP did record a vote, on one or the other threads (or even both, then in that case, it only gets counted as one vote when merged).
Photo of QPW

QPW

  • 340,320 Points 100k badge 2x thumb
There seems to be a lot more "cleaning" going on lately than there usually is.
Well there has also been a whole lot more comments by Quicken employees, so I guess that Quicken Inc has decided to take a more active role in this forum.
Photo of SheamusPatt

SheamusPatt

  • 522 Points 500 badge 2x thumb
It's true I did get to comment on the thread, but it's a roundabout way to do it, and I believe it does stifle participation. The fact is it's extremely annoying to start up quicken and have to dig around for the Quicken ID password, because once again it seems to have forgotten it or perhaps just routinely checks (I'm still not sure which).
I simply don't buy the argument that Quicken "has to confirm that the financial institution is a valid participating Quicken partner". Why does it have to? Does quicken actually license the QFX format, and is checking up on its "partners"? If so there are less obtrusive ways to do this (a private key exchange with partners that each could sign comes to mind). In any case financial institutions should not have to pay to be a Quicken partner (I don't know that they do, but if not I don't see why Quicken would be so particular that it would annoy its customers so badly just to enforce its partner agreements).
(Edited)
Photo of SheamusPatt

SheamusPatt

  • 522 Points 500 badge 2x thumb
So I've read, @splasher. However, all that's needed to get a Quicken ID is a valid e-mail, which is freely available in lots of places. So, providing a Quicken ID doesn't really prove anything - it's false security. After all, validating the financial institution (or, confirming that they are licensed by Quicken) has nothing to do with the Quicken ID provided. Presumably it's just sending in their institution ID, and being returned an OK / Not OK. Hardly a request that would be exposing a security hole.
I'm more concerned with the security of my own financial data. Since Quicken is capable of uploading it to their servers, I'd rather not give them credentials of where they might store it. I have turned it off, but can't be certain that some update might not just enable it on me.
Photo of QPW

QPW

  • 340,280 Points 100k badge 2x thumb
Note, above I stated I don't believe the "security" response of why you can't import a QFX file without them checking out that it is a participating partner.

As in the argument sometimes stated by Quicken employees is that if you got a QFX file from a non participating partner it could some how damage/compromise your data.

That is of course ridiculous.

BUT given that they have a requirement to make sure that you are only importing from places that they get paid for.  And to restrict you importing past the "discontinue date".  And they are doing that by contacting their servers.  Then that "security" is a different story.

As in they are trying to protect their server (and business model).

Now as you point out that might be "false security", that doesn't really do anything.

But guess what?

Companies (and banks, and governments) have their "security protocols" that lots of times are based on false assumptions and/or are outdated.

I will give an example.  "You need to change your password every 90 days".
If it was that your password changes every time like your garage door code does then you would have something.  But 90 days?  So on average the hacker has your password for 45 days and doesn't know what to do with it?

Stupid.  Or how about "security questions", like "What is your mother's maiden name?"  And people answer truthfully.  And with that you can reset a password that might be say: nj&Y36E4#mAsB&Bpr#2n

Yeah, that is great "security".

So anyways someone says "It isn't secure to allow anonymous logins".
That becomes the rule and you aren't going to change their minds.
And I believe that the "their minds" are like Splasher said as in the financial institutions, Quicken Inc , and Intuit.

Now for this statement:
I'm more concerned with the security of my own financial data. Since Quicken is capable of uploading it to their servers, I'd rather not give them credentials of where they might store it.
And that doesn't make any sense either.

And why are your "credentials" valuable?
As you pointed out all a Quicken Id connects to is an emails address.  I can get one of them completely anonymously.  I can put fake information for my name and address and all of that.  If a person is concerned about any of this, they can setup so that there isn't anything that is "less anonymous" than the "old anonymous" login system.

Why would they need any "credentials" to store stuff on their servers?

They can send/store anything they like.  If you don't trust them, you shouldn't be using Quicken.  Or at least you should be using it on a machine that isn't connected to the Internet at all.  Or unless you have enough knowledge to know how to block the secure connections (which is basically just the equivalence of working totally offline.)

But I'm going to finish my participating in this thread with what I meant above that "stifling participation" is sort of the goal.

You might think this is a new discussion, but it isn't.  And it is so old, that every argument against (and for) have long been stated hundreds of times over many years.  The Inuit Id was put in in Quicken 2014, and there isn't any different arguments against the Quicken Id that doesn't apply to the Intuit Id.  There is one new "for it", at least for Quicken Inc.  It is the key to the account that holds the subscription.  Quicken is now built around using it for licensing and the level of functionality (Starter, Deluxe, ...)

On the QFX import.  The requirement to contact the server has always been there.
And just because you now are seeing it because it isn't anonymous any more doesn't change its functionality.

And in fact this really what is happening now.  There was always a "subscription".  There were always "calls home". But people naively didn't pay attention to them. Now at least they are "up front" where you can see them.

So in fact no new knowledge is being shared here.  At least not to Quicken Inc.  They have heard it all.  Threads have no new information then the only two thing left are rants, and me toos.

Me toos are handled by the ability to vote.
The rants are "strongly discouraged".
Photo of SheamusPatt

SheamusPatt

  • 522 Points 500 badge 2x thumb
This thread is getting too long but I should reiterate a couple of points.

Regarding the security of my own financial data, I'm talking specifically about recent features to support the mobile app; this app requires that my Quicken data be mirrored on Quicken's servers, so the mobile app can access it. This is, as you might imagine, pretty sensitive stuff; it has all of my investments, bank account numbers, where I've been shopping etc. I use a desktop app precisely because I don't want this stuff "in the cloud". While I'm sure Quicken pays attention to the security of this stuff, there have been many cases of web sites being hacked. I don't want to be a victim, but it seems I have trust Quicken to respect the "no mobile data" flag I've set, and be very careful that on some future upgrade I don't click through and leave it on myself. Being able to run the product anonymously would make me feel more confident that my data is staying out of the cloud. Of course, Quicken doesn't need "credentials" to upload my data, but I trust they at least have the sense not to store data without them; they would all just end up in a pool; of anonymous Quicken data. 

The other big objection I have to the Quicken ID, which I have likely not emphasized enough, is the frustrating way that their logon process has been implemented. Quicken's security gurus have not only been convinced that anonymous logins are evil, they apparently believe that two-factor authentication must be mandated, since the Quicken ID logon (as well as their web logon) requires two-factor identification and does not provide an option to disable it. They also don't provide a "trust this computer" option as big providers like Google do; instead, it's needed each time you log into Quicken. It wouldn't be so bad except it's faulty. I have yet to receive their auth code by text message even though I've verified my cell number multiple times. Fortunately e-mail does usually work, but on occasion it hasn't; I have an alternate Quicken ID account set up simply because after spending a half our or so trying to get my auth code e-mailed, it seemed the simplest option.
(Edited)
Photo of QPW

QPW

  • 340,280 Points 100k badge 2x thumb
Regarding the security of my own financial data, I'm talking specifically about recent features to support the mobile app; this app requires that my Quicken data be mirrored on Quicken's servers, so the mobile app can access it. This is, as you might imagine, pretty sensitive stuff; it has all of my investments, bank account numbers, where I've been shopping etc. I use a desktop app precisely because I don't want this stuff "in the cloud".
Then don't sync to mobile.  It is your choice.  Note that the "Quicken Cloud account" isn't "Quicken mobile" or at least one term can not be interchanged with the other.

The Quicken Cloud account is the "storage" area for all online services.  It is always created, but basically has nothing in it if you don't use those services.  It holds Quicken Mobile, Online Bills, Credit Score, ...

As for your second objection.

Yeah, I don't like what they think is "security".

But the likelihood of them changing there minds is probably on the same order as hell freezing over.

On the other hand it is possible that they might tweak the implementation here and there.  But anyone hoping that it will completely go away is not going to get their wish.
Photo of QPW

QPW

  • 340,280 Points 100k badge 2x thumb
P.S.  Even if a person was to turn on Mobile sync, they choose what accounts to sync.  And you can sync cash accounts or account not associated with any financial institution. It is just like Express Web Connect in that you have to "turn it on" for a given account for the server to be storing your financial institution credentials.

This conversation is no longer open for comments or replies.