To ensure the protection of your critical data, QuickBooks Desktop requires passwords for data files to meet certain complexity requirements. The minimum requirements for complex passwords include:
Complex passwords must be changed every 90 days. QuickBooks prompts you to change your password near the end of the 90 days as well as on the expiration date itself.
Users whose files contain sensitive data such as credit card numbers, Social Insurance numbers, employer identification numbers, or who have "Credit Card Protection" on will be asked to set a complex password when they sign in to the file after the update.
Note: Only administrators will be required to change the password every 90 days.
Listed below are the password requirements for QuickBooks Desktop. Take note that passwords are case sensitive.
For users with sensitive information or credit card protection, setting a password is mandatory. It ensures that only authorized users can access your data. If you use QuickBooks Desktop Accountant or Enterprise Accountant, you can use QuickBooks File Manager to keep track of your passwords for each file.
|Accountant's Copy File Transfer service (ACFT)||Security update has been implemented for version 2016 (R5)|
|Search functionality||Restored for 2016 (R7)|
|Auto Data Recovery (ADR) functionality||Restored for 2016 (R7)|
What if I have multiple QuickBooks Desktop products? Do I need to download and install the update for each one?
If you have installed more than one identified version of QuickBooks Desktop, you need to update each version.
I still have a trial version of QuickBooks Desktop installed on my system. Do I still need to apply the security update?
All expired trial versions of QuickBooks Desktop should be uninstalled. If you have any unexpired trial versions of QuickBooks Desktop installed on your system, download and install the security update.
I only use the Internet on a periodic basis. Do I still need to download the security update?
Yes. We recommend downloading and installing the security update.
What if I’ve uninstalled one of these products and no longer use it? Do I still need the update?
If you have uninstalled QuickBooks Desktop, you will not be affected by this vulnerability. When uninstalling multiple versions, ensure that you uninstall the most recent version of the software.
What is the vulnerability?
To help protect customers, we don’t disclose specific details about security vulnerabilities that we discover. This information could be used by criminals to find and take advantage of the vulnerability.
What happens if I disable credit card protection or remove all the credit card information from the file?
The update is designed to deliver strong password controls to help ensure that the person attempting to access a QuickBooks Desktop account is authorized. Once the application detects that a QuickBooks Desktop company file has sensitive data, it is configured to add another layer of security protection. However, removing credit card information and Personally Identifiable Information (PII) from the file will turn off this configuration and users will not be required to set up a password.
Can accountants set a password on their client's working file?
Yes. Changing the password in the .QBA file should have no effect on the client's original file.
What are the specific Personally Identifiable Information (PII) data that QuickBooks Desktop detects to require a strong password?
QuickBooks detects presence of the following PII: