Dee Dee 1
Level 1

About Changing Company Admin and Online Account Passwords

Hi All,

 

On April 21, 2021, I called QuickBooks Pro support to ask 2 things. Does the online password have to still be changed every 150 days, and can I turn off changing company Admin passwords every 90 days? These days both online and Admin passwords must be changed every 90 days. However, my support person told me many of you forget to do this.

 

As a systems administrator, the way I remember to do this is to set a calendar reminder in my corporate MS365 Outlook calendar. I take a couple of minutes to calculate 90 days in the future, then I back up 2 weeks from that and set the calendar reminder for that date with recurrence every day for the next 2 weeks. On April 21, I logged into our online account. Ninety days from April 21 is about July 19. Two weeks back is right after the July 4th weekend, so I started the reminder on July 7th and have it recurring until July 19th.

 

You can use other reminder techniques that work for you, if this one doesn’t, including non-digital methods such as sticky notes or noting it on a paper calendar you use. Just take a couple of minutes after you have logged in to do this. Give yourself at least a week of reminders, and you have a high probability of being successful.

 

However, I do have to wonder why Intuit is not sending reminders out, since this is considered to be a best practice and used by other applications that require password changes on a regular basis.

 

The other thing I wonder is why do our online accounts have to be accessed every 90 days, when Big Tech companies such as Apple and Microsoft don’t require this. I’ve looked at the information in my corporate Intuit online account and compared it to others I maintain, and I see no differences. I have not been any less secure with corporate accounts with companies, such as Apple and Microsoft as well as others I could name.

 

My curiosity stems from being both a systems administrator and a Certified Information Systems Security Professional (CISSP). Perhaps someone in the Intuit family can give a better answer than, “This is for your security”.

 

Dee Dee 1

5 Comments
Jen_D
Moderator


Thanks for visiting this forum and sharing your insights and concerns with the security protocol in QuickBooks, @Dee Dee 1,

 

To start with the Desktop password, we cannot turn off or extend the 90-day duration to update your credentials. Complex passwords must be changed every 90 days.

 

Normally, we do not send email notifications for when it's time to update your password. This is because QuickBooks should automatically prompt you to change your password near the end of the 90 days as well as on the expiration date itself.

 

See this link for more information: Password security for QuickBooks Desktop

 

Additionally, only the company admin access is required to change the password every 90 days. 

 

Please know that we take your account's security seriously and our engineers are working hard towards this goal. We can't provide the turnaround time if they will release email notifications to customers for password update. They work on product enhancements internally.

 

Despite that, we want to make sure your voice is heard and put into action. If you have any product suggestions for our developers about our report preferences, go to the Help menu and select Send Feedback Online.

 

 

On another note, Online versions of QuickBooks will require you to log in from time to time to allow updates to sync. This includes online banking feeds, third-party application connections, program or feature changes, etc.

When you're inactive for too long, the system might disconnect from other sources, most especially those connections that require logins to third-party portals.

 

If you need anything else, please let me know in the comment. I'll be more than happy to share some help with you. Have a good one!

Dee Dee 1
Level 1


Hi Jen,

 

I tried to reply on Monday, but it failed because of an authentication error. If I'm supposed to sign in first to my account, when I click on the 'Reply' button, I should be warned. This is because Intuit, as a company, is assuming I already know how to do this, when it's my first time.

 

Thanks,

Dee Dee

Dee Dee 1
Level 1


Hi Jen,

I'm back with a repeat of my Monday reply. My first point is that I'm not sure why you call it a complex password. In any case, what is more important is that the 90-day change cycle has failed for us. We have 2 companies. Company one has no sensitive information in it. Company 2 does. Password changes for its Admin password were required on 4/10/2020, 12/4/2020, 1/27/2021 and 3/3/2021. The one before 4/10/2020 would have been in November 2019 when QuickBooks 2020 Desktop was installed. None of these are close to 90 days. No one in Intuit Support or the Community has an answer for this. Perhaps someone on the Intuit engineering team does.

 

As for not sending email notifications, this assumes that the Admin credentials are used every 90 days, which may or may not be the case. A reminder, especially if 90 days has already passed, could be helpful, so it gets done before someone finds out the hard way.

 

As for your second reply, we don't use the online version of QuickBooks. We use Desktop, which is installed on one of our corporate servers. I get the impression you are referring to using the online version of QuickBooks. If so, I am talking about the Intuit online account that I maintain as the systems administrator. Why do I have to sign into it every 90 days, when feature or patching updates are sent directly to our Desktop QuickBooks and we are required to install them?

 

As for online banking feed and third party application connections, as a CISSP, I'm very leery of doing this. Company after company has been breached because of their third party affiliations, and we don't allow it. Our corporate work is too confidential and critical to take that risk. Hence there is nothing in our online Intuit account that requires this type of password changing as I stated in my initial post.

 

Thanks again for your reply; I appreciate it.

 

Dee Dee

Giovann_G
Moderator


Thanks for utilizing the Community, Dee Dee 1.

 

I know that this hasn't been easy for you to change your password 90 days or earlier than expected. Let me share some information about this.

 

Let's start with the complex password. This is when you're asked to set a password that has rules attached, unlike the simple password where you don't need to worry about the length, capitalization, symbols, and the use of multiple types of characters.

 

Also, we take the security of your account seriously. There are times that the 90-day policy may not be followed because our system automatically detects if an unauthorized user is trying to access the account. When this happens, our system prompts you to change your password the moment you're logged in to your account.

 

In addition, the idea of changing the password is to prevent bad guys from getting in, especially for an organization like yours wherein a lot of confidential information is stored. Right now, turning off that security feature is unavailable. You can still send feedback, just as my colleague suggested. This way, our developer and engineering team will evaluate your request and may include this in a future update.

 

Feel free to review this resource for your reference: Password security for QuickBooks Desktop.

 

Reply to this post if you have further questions about password security. We're always here to help. Take care!

Dee Dee 1
Level 1


Hi Giovann,

 

Thank you for your reply. I'm quite familiar with complex passwords, although I can't remember if I have ever heard them called that before. Mostly it has been password with rules or make your password more complex by..., etcetera. I appreciate your clarification.

 

As to updating the password every 90 days not being consistent, your reply is interesting. Our QuickBooks desktop is installed on our Terminal Server. The icon is there for every Remote Desktop user to see. However, if you don't have credentials for a company, you can do nothing. You can't even see an existing company. I know because I just tried it again using my regular and not sys admin credentials.

 

We have 3 users who can log into our 2 companies, and 1 of those 2 companies has the password update issues as stated earlier in this posting thread. The first user is our bookkeeper who always logs in with her personal company credentials. I'm the second user who occasionally, as needed, logs in with the Admin credentials for either company. The third person is one of our C-Levels. Separately as needed, she logs in with either her personal company credentials or the admin credentials.

 

While I certainly see the point you are making and why this would cause the variation in password change time periods, I fail to see how it applies to us. Thank you for the information though. I really appreciate it.

 

One final point on a different subject I mentioned in my original post: I still don't see a need for logging into our Intuit account that has our account details, products and services, payment methods, et al. every 90 days, when Big Tech companies don't require this.

 

Thanks again for your reply.

 

Dee Dee
