cancel
Showing results for 
Search instead for 
Did you mean: 
ChrisHardie
Level 2

Better balance of security and convenience for logging in?

Hi. I find the QBO login security / session timeout setup to be a bit on the aggressive side. I have already extended the "Sign me out if inactive for" setting to 3 hours, but I still find myself going through this process multiple times per day from the same static business IP address and browser when using QBO:

 

  1. Load login screen
  2. Click continue after confirming username is correct
  3. Check "I'm not a robot"
  4. Find all the bikes or traffic lights or crosswalks, sometimes multiple rounds (5-10 clicks each)
  5. Enter password
  6. Enter 2FA code
  7. Wait for various spinners and redirects and company info to load, sometimes another 10+ seconds of assets loading and Javascript calls and screen redraws. (Very fast internet connection on a modern computer.)

 

All in all it's about 30-60 seconds of my day, but it becomes a bit tedious over time. I appreciate the attention to security, but I would think that the presence of an expired session cookie and/or previous logins from the same IP just hours before might allow me to at least avoid the captcha/puzzle solving step multiple times per day, and maybe to increase the time between requiring 2FA.

 

Just me?

3 Comments 3
JuliaMikkaelaQ
QuickBooks Team

Better balance of security and convenience for logging in?

I appreciate you providing a clear detail of your concern, Chris. Let me share some information about the security features of QuickBooks Online. 

 

I understand that entering various security tools before accessing your QuickBooks Online account can be a cumbersome process. It's important to note that QuickBooks is dedicated to ensuring the security of your data by providing advanced security tools and systems. These measures are specifically designed to provide additional protection against password theft. Also, when logging in to QBO, the CAPTCHA verification process is generated by your browser to make sure that a human is performing the task instead of a machine and cannot be disabled. 

 

On the other hand, if you wish to turn off the two-step verification, you may do so via the Intuit Account Manager. Before doing so, please be reminded that once you disable this feature, we will still require you to verify your identity the first time you sign in on an unrecognized device. You can follow the steps below to be guided:

 

  1. Sign in to your Intuit Account Manager.
  2. Select Sign in & security.
  3. In the 2-step verification section, turn off the Use 2-step verification switch.
  4. Enter your account password, then select Continue.

 

If you're utilizing a different phone number, please check out this article for more details: Turn on or turn off two-step verification.

 

Furthermore, you might consider using the QuickBooks mobile app to stay connected and sign in to your QBO account, which can help you manage your business anytime and anywhere.

 

Also, you might find these articles helpful in achieving basic tasks in the program: Video tutorials for QuickBooks Online.

 

As always, you can get back to me if you have additional questions or QuickBooks-related queries. I'll make sure to be around and lend a hand. Keep safe!

ChrisHardie
Level 2

Better balance of security and convenience for logging in?

Thanks for your response, Julia. I don't think turning off 2FA is a good option, as I do want that extra layer of protection in the event of a password compromise. But I've seen other platforms do a slightly better job of avoiding re-verifying my humanity or requiring 2FA with every single login, when other information is available that can be used to confirm that my login is likely coming from me. For example, I logged in to another site today that offered a "don't require 2FA for 1 week on this computer" checkbox for my IP address/browser combination, following a successful login. I believe the CAPTCHA tool you're using could also be configured to be slightly less strict in a similar way.

 

If you're going to give the option for users to turn off 2FA altogether, it seems like it would not be a worse option to let them choose to soften these other requirements as well, within reason. So I guess if you'd be willing to take that kind of a change as a UX feature suggestion, I'd appreciate it. Thanks again!

 

MirriamM
Moderator

Better balance of security and convenience for logging in?

Hello there, Chris. Thanks for getting back to us.

 

We value your feedback and understand how important this feature is for your business. We're constantly working to enhance our software and cater to your needs. In the meantime, I suggest you provide your feedback to help us improve the program.

 

To send feedback, follow the below steps:

 

  1. Go to the Gear icon at the top.
  2. Select Feedback.
  3. Enter your comments or product suggestions. 
  4. Then select Next to submit feedback.

 

To stay updated with the latest changes and upcoming features of QuickBooks products, you can visit the following sites:

 

 

Please feel free to let me know if you have any other concerns or quest

Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us