Intuit is waving its hands- says "we're making this more secure" - while creating huge security problems
The new logon process is a mess. I had to spend over 5 hours on the phone with Proseries support to get my 10 user accounts working to the point the users could actually sign in. Now I wait for it - when passwords expire, hopefully the mess won't start again.
Intuit requires users to have full administrative rights not just to the program files, but the entire computer system, something I refuse to do because it creates tremendous security issues. Instead, I have an administrative account that I instruct my users to use only when UAC requests administrator approval - which is only when installing updates. This however, causes a huge mess as - if there is an update available, ProSeries asks for that admin account to login to ProConnect, then after the updates have installed, the original user to login to ProConnect.
All of this - these constant pop-ups asking for login credentials - increases security risks - we know the attack is coming, and we ought to see the form it will take. This is on top of the larger hack-target that Intuit becomes as they store these login credentials.
I don't BELIEVE that Intuit was REQUIRED to implement these changes by the IRS (encouraged maybe).
Intuit needs to:
- make changes to the program that remove the requirement for the USER to have full administrative rights to the entire computer system. Have the installation program create a user security group and grant that group the APPROPRIATE rights (not full admin). Then let the administrator assign user accounts to that group.
- fix their user account creation system
- fix their password change system
Intuit seems to paradoxically believe that all our users are careful enough to operate the computer with full administrative rights, yet too careless to allow to operate the tax program without logging in with strong credentials.