QuickBooks Desktop Security Update – 800.475.1047 – Training – Support – Consultant – Reseller
QuickBooks has rolled out a new security update requiring some, not all, customers to update their passwords to have a ‘complex password’. Depending on the information that is stored in your QuickBooks files, you may or may not be affected by this change. Prior to this update, complex passwords were only required for those customers that enabled Credit Card Protection which allows for credit card information to be stored in your QuickBooks files. Accounting professionals are also affected by this update as they now have to keep track of a large number of passwords across multiple clients, making it more complicated to keep track of QuickBooks user information.
Intuit says “Intuit has identified, and is implementing updates to address a security vulnerability in QuickBooks desktop software. We are proactively notifying customers of the steps required to install an update, which is designed to address the security vulnerability, and regarding other steps they can take to protect themselves and their data. To help protect customers, we don’t disclose specific details about security vulnerabilities that we discover. The information could be used by criminals to find and take advantage of the vulnerability. At this time, we know of no cases where anyone has taken advantage of this vulnerability to obtain sensitive information”
What Products are affected?
QuickBooks Online and QuickBooks for Mac are not included on this security update. As of now, this update only affects QuickBooks Desktop (Pro, Premier, Enterprise and Accountant versions for Windows). Only certain products are also affected depending on the year and revision of the product you’re running*. Currently, if you don’t have these full revision numbers listed or later, this update will not affect your product.
- QuickBooks 2016 R7_114
- QuickBooks 2015 R10_15
- QuickBooks 2014 R11_40
*Find the Product Information by pressing F2 while running QuickBooks. The Product will say something like this: QuickBooks Accountant Desktop 2015 Release and below will list the Product Number that reflects R11_40 or alike.
What are Complex Passwords?
Complex Passwords are 7 characters in length containing at least one uppercase letter and At least one number. This change also incorporates a recommended password change every 90 days and a minimum of 5 rotating passwords. Meaning, you cannot use a password that has been used in the last 5 cycles. At times, a required change of your complex password is necessary. At the moment, QuickBooks 2016 and 2015 usually recommends this complex password change, while earlier versions are required to change their complex passwords every 90 days.
Remembering login’s and passwords can be difficult. Post it notes or manual logs are not recommended even if you don’t think you have pertinent information to keep secure. There are managers for keeping your user information and passwords secure. Dashline is a simple to use manager that stores your user ID’s, passwords and even credit card information. It also helps let you know the quality of your passwords, and will let you know if they need improvement. This application is free for any single device. Other managers to look at are LastPass, 1Password and Password Box.
Intuit is not giving you the option of keeping your data safe, they gave made the decision for you. So even if you don’t think your data is worthy of being password protected you don’t have a choice. Any accounting professional or IT professional strongly recommend protecting any and all data no matter how unimportant you think your files are.
What Prompts Complex Passwords?
Complex Passwords are ‘triggered’ by customer credit card information and personally identifiable information. You are now required to have a complex password even if you have not enabled Customer Credit Card Protection
PCI Compliance**requires you to secure your files where you store credit card information for your clients. QuickBooks made it so that your company is complaint with this standard to keep your company and your clients protected. Complex passwords are mandatory if your company utilizes Customer Credit Card Protection and you are required to change them every 90 days with no less than 5 rotating password repetitions.
**The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
The second trigger that requires complex passwords is any record that has Personally Identifiable Information or PII. According to Intuit, Personally Identifiable Information includes an employee record with a SSN even if you aren’t using Intuit Payroll, Employer Identification Number (EIN) or SSN in your Company Information, any bank account number or routing number located in your Chart of Accounts, or a Vendor Tax ID. This complex password trigger may not require you to change your complex password every 90 days but will most likely recommend it.
Are Complex Passwords an Option?
Yes and No. If this isn’t an update you want to affect your software, don’t install the update, remove all sensitive information listed above from your data and make sure you have not enabled Customer Credit Card Protection. It is usually recommended to use the latest version and the most current updates installed.
Contact one of our professionals to find out if these options are suitable for your business.
With over 25 years of accounting and business knowledge as well as proficient technical background you get the training and support your business needs and deserves working with a proficient expert consultant. You can work with the same consultant to help you master your Sage Software and for those occasional questions you need help with so you can understand best practices and how to manage your company information and books.
Put our 25 years of experience to work for you!
“Your Success is Our Goal”
Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware Florida Georgia Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virginia Washington West Virginia Wisconsin Wyoming