QuickBooks 2018 Security
Security has been a big focus for the QuickBooks development team for the past couple of years, and that continues this year. If you remember last year’s security/password hullabaloo, don’t worry. I’ve not come across any security change that is going to make your life miserable. There are a number of security enhancements in all editions of QuickBooks 2018.
These are all good (although I’m concerned with the change for add-on applications). Security is important, and none of these changes should interfere with how you work with QuickBooks.
Secure Web Mail
Intuit is changing how web mail works in QuickBooks 2018, and this change can greatly improve security.
QuickBooks offers several options to integrate with email.
- I use Microsoft Outlook, and that integration works well.
- Some people have QuickBooks Email available; you get it if you have a subscription to some other service from Intuit. That isn’t my favorite choice due to the way it works, where you don’t have good control or the ability to track emails sent through the Intuit servers.
- A commonly used option is web mail, where you can connect to an email account like Google gmail. That can be tricky to set up sometimes, and there have been some security risks.
Prior to this release, the QuickBooks webmail integration used SMTP to send emails. This isn’t recommended by most webmail providers. To make this work with Google gmail you would have to decrease your level of security in gmail, which is not good.
This update only applies to Google gmail and the Microsoft web mail systems (Hotmail, msn.com, live.com, outlook.com). Yahoo isn’t supported due to their poor support for the kind of advanced communications used here. I’m going to use Google gmail in my discussion here.
With prior versions of QuickBooks, if you try to connect QuickBooks to your Google gmail account you may get this warning via email, as Google will block QuickBooks from connecting.
In your Google gmail settings you would have to enable the “Allow less secure apps” option. I was not happy with this approach!
Once this is enabled, you can connect QuickBooks to your Google gmail account.
In QuickBooks 2018 there is a new option that will use the industry standard OAuth 2.0 method for connecting applications.
In your Send Forms preferences, select Web Mail and then either add a new account or edit an existing account.
Check the box for Use enhanced security to enable the new feature.
Note that if you have been using the older method, and you upgrade to QuickBooks 2018, you are not forced to make this change; your email system will work the same as before. However, I strongly recommend that you make this change.
You will need an “Intuit ID,” which most QuickBooks users will have. This doesn’t cost you anything and it is necessary if you work with most Intuit products (TurboTax, any QuickBooks online service, registering your QuickBooks product, etc.). Sign in using your Intuit account.
Note that this is the first time that an Intuit ID has been used in QuickBooks Canada. It has been a feature in QuickBooks US for a number of years now. I’m not sure if this is new to the UK versions or not.
Next you will be asked to sign in to your Google account. You will need your Google password at this stage, but you won’t be asked for it again as you use QuickBooks later.
You will be asked to confirm that you want QuickBooks (and Intuit) to access your email account. I always get nervous at this point. I don’t mind letting them send email, but “manage your email”? “Read” it? I always pause when I see things like this. However, in this case I know that Intuit’s only access will be to send email out using the account.
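An added example, not from the original article or from Intuit: one way to check what a consent like this actually grants is to compare the scopes recorded for the token against the one scope needed to send mail. The scope URLs are Google's published Gmail scopes; the tokeninfo-style responses, the client ID and the function name are constructed for illustration, and the article does not say which scopes QuickBooks requests.

```python
import json

# Google's published Gmail OAuth scopes and what each one permits.
SEND_ONLY = "https://www.googleapis.com/auth/gmail.send"
GMAIL_SCOPES = {
    SEND_ONLY: "send mail only",
    "https://www.googleapis.com/auth/gmail.compose": "manage drafts and send mail",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail and settings",
    "https://www.googleapis.com/auth/gmail.modify": "read, compose and send mail",
    "https://mail.google.com/": "read, compose, send and permanently delete all mail",
}
# Sign-in scopes that identify the user but give no mailbox access.
IDENTITY_SCOPES = {"openid", "email", "profile"}


def audit_scopes(tokeninfo_json, needed=frozenset({SEND_ONLY})):
    """Sort the scopes of a tokeninfo-style response into needed / excess / identity / unknown."""
    info = json.loads(tokeninfo_json)
    granted = set(info.get("scope", "").split())  # scopes are space-separated
    report = {"needed": [], "excess": [], "identity": [], "unknown": []}
    for scope in sorted(granted):
        if scope in needed:
            report["needed"].append(scope)
        elif scope in GMAIL_SCOPES:
            # Mailbox access beyond what sending requires.
            report["excess"].append((scope, GMAIL_SCOPES[scope]))
        elif scope in IDENTITY_SCOPES:
            report["identity"].append(scope)
        else:
            report["unknown"].append(scope)  # review by hand
    return report


# Constructed sample responses (not captured from QuickBooks or Google).
SAMPLE_BROAD = json.dumps({
    "azp": "example-client-id.apps.googleusercontent.com",
    "scope": "https://mail.google.com/ email openid",
    "expires_in": "3599",
})
SAMPLE_MINIMAL = json.dumps({
    "azp": "example-client-id.apps.googleusercontent.com",
    "scope": SEND_ONLY + " openid",
    "expires_in": "3599",
})

if __name__ == "__main__":
    for name, sample in (("broad", SAMPLE_BROAD), ("minimal", SAMPLE_MINIMAL)):
        print(name, json.dumps(audit_scopes(sample), indent=2))
```

The same comparison can be made by eye in the list of third-party apps in your Google account's security settings, where the grant can also be revoked.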
If you have been using the older method of accessing web mail, don’t forget to turn off the “less secure” option. It isn’t needed anymore. QuickBooks is the only product that I used that required this less secure option, but if you have other apps that rely on it, you may want to leave it enabled.
Note that you are not exchanging passwords every time you send an email from QuickBooks after you implement this method. It is based on access tokens, so if you change your password for your web mail account at a later date, you don’t have to change anything in this program.
This approach worked very well for me, and it does make things more secure and a bit simpler to use.
Note that there are several kinds of permissions in action here. You have the OAuth token and the Intuit ID account information. I believe that the OAuth token is stored on the local machine, but the other information is stored in the company file. Since some information is stored locally, you will have to re-authorize this if you go to another computer to use the same QuickBooks company file. Also, since some of the information is stored in the company file itself, if you authorized a connection on your computer for one company file, you will have to reauthorize this if you work with another company file, even on the same computer.
To add a bit more confusion, in my experience most businesses have a single Intuit ID for their business operation, which everyone uses (rather than each individual having a separate Intuit ID). Fortunately, Intuit has made this process user-specific, found on the My Preferences tab. So even if multiple users are sharing the same Intuit ID, the webmail account that they are using is stored in their individual user preferences so people can use their own individual email account if they wish.
When it comes to multiple users, I’m not clear on some details at this time. This information is set up in the My Preferences tab, so it is being set up per QuickBooks user account. If user “George” sets it up, user “Linda” won’t have access to this setup. That is good. If every QuickBooks user has their own Intuit ID and their own Google gmail account, everything is set up properly. However: