Comments on: Russian Elcomsoft Finds Backdoor in Quicken Passwords

By: Sandeep Nain

Sandeep Nain — Fri, 31 Aug 2007 02:36:33 +0000

Thanks Alfred

I’ll take that as compliment… I can probably help out government in implementing new technologies in a better way…

By: Alfred Farrington

Alfred Farrington — Fri, 17 Aug 2007 14:25:51 +0000

Ah Sandeep is a thinker a company or the government has any use for you ;P

By: Sandeep Nain

Sandeep Nain — Thu, 16 Aug 2007 00:55:28 +0000

Yes… no doubt leaving such backdoor is a way of making money.. but why didnt they come up with a 2 way authentication mechanism..

E.g. if a user looses his/her password, quicken consultant may go to the site and uses a smartcard etc to login which only allows to change the password.

i believe this will be a bit better way than leaving a backdoor to login without password. (and quicken will be able earn money too)

By: Alfred Farrington

Alfred Farrington — Wed, 15 Aug 2007 14:14:10 +0000

I agree with the other people in the commentary this is a way to make money. You forget your password you have to call support. Guess what? Support = Dollars. To Quicken dollars makes sense.

By: Alfred Farrington

Alfred Farrington — Wed, 15 Aug 2007 14:11:34 +0000

Hmmm, I would like to think that accountants and people running payroll could actually think instead of letting a program think for them. This is what happens when you let a company decide how to “think” for you. You are at their mercy. I am waiting to hear government hacks company to find out true earnings for the company. Put I’m just paranoid

I agree with the other people in the commentary this is a way to make money. You forget your password you have to call support. Guess what? Support = Dollars. To Quicken dollars makes sense.

By: CK76

CK76 — Tue, 14 Aug 2007 17:10:17 +0000

Yeah, this sucks. While it may not matter to people in lower tax brackets (me), it sucks for all those small and medium sized businesses whose accounting departments rely on this software to manage payroll, accounts receivable, etc.

By: Steve

Steve — Tue, 14 Aug 2007 17:07:22 +0000

Well based on the fact that ppl will legitamately loose their passwords, this is helpful. But what about those that will loose this maliciously.

I guess it maybe too much work to put some type of 2 factor authentication into some applications, in the event that your password is cracked, you make need a file that’s physically on the machine to open the file, and it should be a file that you chose as “key file”.

By: TheRealDonQuixote

TheRealDonQuixote — Tue, 14 Aug 2007 15:49:15 +0000

Its a good thing I don’t have any money to keep track of!!

Coding in a “backdoor” as a precaution for retard customers is always a bad idea. The whole notion of it is passe, you might as well be watching the movie “Hackers”. Anyway, I prefer to use OpenOffice Spreadsheet and my brain to manage what little cash I got. If I ever really need a program specifically to keep track of my funds then I’ll hire an accountant or an accounting firm.

Remember kids, trusting other people’s code with your money/accounts/investments is like trusting a politician to tell the truth.

By: Zanith

Zanith — Tue, 14 Aug 2007 14:45:09 +0000

I agree, they probably count on the fact that a certain percentage of their customers will loose their passwords at some point.

By: Cyanide

Cyanide — Tue, 14 Aug 2007 12:41:10 +0000

Meh..to tell you the truth I would lean more towards Quicken just wanting to make more money with the recovery of their customers files.