Intuit is waving its hands- says "we're making this more secure" - while creating huge security problems

The new logon process is a mess.  I had to spend over 5 hours on the phone with Proseries support to get my 10 user accounts working to the point the users could actually sign in.  Now I wait for it - when passwords expire, hopefully the mess won't start again.

Intuit requires users to have full administrative rights not just to the program files, but the entire computer system, something I refuse to do because it creates tremendous security issues.  Instead, I have an administrative account that I instruct my users to use only when UAC requests administrator approval - which is only when installing updates.  This however, causes a huge mess as - if there is an update available, ProSeries asks for that admin account to login to ProConnect, then after the updates have installed, the original user to login to ProConnect.

All of this - these constant pop-ups asking for login credentials - increases security risks - we know the attack is coming, and we ought to see the form it will take.  This is on top of the larger hack-target that Intuit becomes as they store these login credentials. 

I don't BELIEVE that Intuit was REQUIRED to implement these changes by the IRS (encouraged maybe).

Intuit needs to:

  • make changes to the program that remove the requirement for the USER to have full administrative rights to the entire computer system.  Have the installation program create a user security group and grant that group the APPROPRIATE rights  (not full admin). Then let the administrator assign user accounts to that group.
  • fix their user account creation system
  • fix their password change system

Intuit seems to paradoxically believe that all our users are careful enough to operate the computer with full administrative rights, yet too careless to allow to operate the tax program without logging in with strong credentials.

3 additional answers

No answers have been posted

More Actions

People come to Accountants Community for help and answers—we want to let them know that we're here to listen and share our knowledge. We do that with the style and format of our responses. Here are five guidelines:

  1. Keep it conversational. When answering questions, write like you speak. Imagine you're explaining something to a trusted friend, using simple, everyday language. Avoid jargon and technical terms when possible. When no other word will do, explain technical terms in plain English.
  2. Be clear and state the answer right up front. Ask yourself what specific information the person really needs and then provide it. Stick to the topic and avoid unnecessary details. Break information down into a numbered or bulleted list and highlight the most important details in bold.
  3. Be concise. Aim for no more than two short sentences in a paragraph, and try to keep paragraphs to two lines. A wall of text can look intimidating and many won't read it, so break it up. It's okay to link to other resources for more details, but avoid giving answers that contain little more than a link.
  4. Be a good listener. When people post very general questions, take a second to try to understand what they're really looking for. Then, provide a response that guides them to the best possible outcome.
  5. Be encouraging and positive. Look for ways to eliminate uncertainty by anticipating people's concerns. Make it apparent that we really like helping them achieve positive outcomes.

Select a file to attach: