Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities

This paper examines password encryption and authentication techniques applied to the file-level protection of personal documents and databases. As a practical example, I have researched protection schemes used by Intuit Corporation's Quicken software. This personal financial software contains information that most people would consider to be extremely sensitive. However, the password protection and encryption schemes that Quicken uses fail to provide the level of security that might be expected. I've found that the password protection used by Quicken is easily reversed with the purchase of a $30 password cracking application.