Security Changes - Steps You May Need to Take before November 15
Tuesday, September 27th, 2011In the cyber world, there is a never-ending battle between the bad guys, who are trying to steal or corrupt your data, and the people you pay money to, who are trying to protect your data.
QuickBase is no exception. My first QuickBase password was a three letter word, but those days are long gone. There has never been a data breach from QuickBase, but Intuit staff are still working hard to stay ahead of the bad guys.
If you have been in QuickBase recently, you probably saw this:
What does this mean?
You don’t need to do anything for now - but sometime before November 15, you need to click on the update link. At that time, you will need to
(a) Change your password to have letters and numbers in it, and
(b) Enter a security question - this is the kind of question that we have all become familiar with — what elementary school did you go to? What is your favorite ice cream flavor, etc.
No big deal, right? Well, maybe.
How could this be a big deal?
If you are running any scripts that access QuickBase and use a username or password to log in, then you need to think about their username and password too.
For the time being (even past Nov 15), these scripts will not be required to comply. But at some point (Intuit does not say when), compliance will be required.
Just as important, if someone uses those credentials to log in at some point, they will have to upgrade their password when they log in. And if the old password was too simple, they won’t be able to change it back, and the script will stop working.
Could you explain that again, please?
I’ll try. First - Do I have any scripts that are affected by this? For most people, the answer is no. Here is the easiest way to figure it out: does your application take any actions in response to a script that includes your password? If you are running a third party tool, if you have written custom scripts in php, dot net, or other languages; if you have a spreadsheet that pulls data from QuickBase, or if you ever gave someone a password to include in a program, then the answer is probably yes. Otherwise, probably no.
What do I need to do? Nothing, until either Intuit starts requiring compliance, or someone logs in with that username/password *.
At that point you will need to bring the password up to compliance, and update the script.
Can I get some help?
Absolutely. Start by talking to whoever wrote the script for you in the first place. You can also call us at the Data Collaborative.
We’re here to help you, no matter who you worked with before. We’ll talk with you for free on the phone, and if it looks like it’s a good idea to check your application for compliance with the new requirements, we’ll be happy to help you at our normal low hourly rates.
But call us soon. November 15 is not that far away, and we expect to be busy. Call us at (781) 777-1119, or email us at
Info@DataCollaborative.com.
Yes, this is a pain - we know it. But data security is one of the reasons that we are all working with Intuit in the first place. Bottom line, it’s a good thing to keep several steps ahead of the bad guys.
Happy clicking,
Eric Segal
The Data Collaborative
———————
* There is one exception to this. If you have a script that uses non-API calls, you might need to be in compliance by November 15. For example, the command “a=GenNewRecord” is often included in scripts, but it is not an API call and so may not operate if you don’t update your credentials. Intuit has not been specific about this.
