BigRedConsulting
Community Champion
Community Champion
‎March 15, 2022 11:15 AM

Account management

@CertifiedSecurityEngineer wrote: Furthermore, you don't allow customization of the QuickBooks password policy.  In our company, we require passwords to be at least 15 characters long with at least two character classes.  QuickBooks "strong" requirement is substantially weaker.  I attempted to set the QuickBooks password to "eivma5ld7wn2lf9" (this is a weak password that meets our requirements), but QuickBooks says the password is not complex.  An example it provides is "coMp1ex".  This causes security professionals to weep.  Why?  Using a brute force attack, I can hack "coMp1ex" in about 6 minutes.  My desired [weak] password would take 701 thousand years to hack.

 

 

Clearly your suggested password, "eivma5ld7wn2lf9", is weak. Obviously, since you didn't include any capital letters. So easy to guess, really. "Eivma5ld7wn2lf9", on the other hand, is totally acceptable. As is, "Password1", which I don't think anyone could really guess.

 

Thank goodness Intuit is saving us from ourselves. Heavens know what could happen if someone saw your EIN or your bank account number. You know, other than every employee you've ever had, every contractor who got a 1099 from you, and every person you've ever written a check to.

Here's Intuit's EIN. Oops!

 

IntuitEIN.JPG

 

Reply Join the conversation