Accessing your QuickBooks company file requires logging in properly to ensure security. Follow these best practices for securely logging into QuickBooks Desktop or QuickBooks Online to protect your financial data.
Overview of Secure QuickBooks Login
Here are key principles for safely logging into QuickBooks:
- Use strong, unique passwords for all user accounts
- Enable multi-factor authentication (MFA) for additional verification
- Watch for fraudulent or unusual login locations
- Prevent access from unrecognized devices
- Use a secure Internet connection, not public WiFi
- Don’t save passwords in browsers
- Log out fully after QuickBooks sessions
- Monitor login history for unauthorized access attempts
- Update passwords periodically and implement password policies
- Leverage single sign-on (SSO) if available
Following security basics denies access to bad actors trying to breach your QuickBooks accounts and data.
Strong, Unique Passwords
Every QuickBooks user account should have its own complex password that is unique from all other accounts.
Avoid common, easy-to-guess passwords like “Password123” or reuse the same password everywhere.
QuickBooks passwords should be 8-16 characters combining upper/lowercase letters, numbers and special symbols. The greater complexity, the better.
Using a password manager helps generate and store strong, randomized passwords for each QuickBooks user.
Enabling Multi-Factor Authentication
Turn on multi-factor authentication (MFA) for all QuickBooks accounts. This requires verifying your identity through two methods when logging in:
- Type password (first factor)
- Then enter a generated code from an authenticator app or text message (second factor)
MFA ensures only authorized individuals can access QuickBooks even if a password is compromised. Never skip this critical security layer.
Recognizing Suspicious Locations
QuickBooks displays locations in your login history. Watch for logins from unfamiliar cities or countries which could indicate a breach.
For example, logins from Russia or China when you operate in the US warrant further investigation and password changes. Location is a clue.
Immediately report unrecognized login locations to Intuit or your IT team to prevent financial theft or fraud with your QuickBooks data.
Blocking Unknown Devices
If you don’t recognize the device attempting to login under your QuickBooks credentials, block it!
Device names like “Windows 10 PC” are shown in login histories. Legitimate users will recognize their own computers and phones.
Blocking quickly prevents outsiders who have obtained your username and password from accessing your financial data from their own PCs or devices.
Using Secure Connections
Always login to QuickBooks via private, encrypted networks only – never through unsecured public WiFi or hotspots which can expose your credentials.
Use a Virtual Private Network (VPN) when accessing QuickBooks remotely to encrypt your connection. Avoid accessing QuickBooks over public connections lacking encryption.
QuickBooks Online runs on secure HTTPS protocol for data transmission. Ensure you use the web-based version, not http.
Protecting Saved Passwords
Never allow browsers or password managers to save QuickBooks credentials. This creates additional exposure if a device is compromised.
Check settings in Chrome, Firefox, Safari, Edge and other browsers to ensure they won’t remember or autofill your Intuit password.
Likewise, disable auto password filling in smartphone apps to prevent convenience features from overriding security.
Logging Out Fully
Upon finishing your QuickBooks session, completely log out rather than just closing the window or browser tab.
Logging out helps protect your account if others gain physical access to the device you were using before shutting it down fully.
QuickBooks Online shows your active logged in sessions. End old sessions to keep your account access up to date.
Monitoring Login History
Routinely check your login history in QuickBooks account settings.Scan for any unknown locations, browsers or IP addresses.
Watch for logins at unusual times like the middle of the night when you wouldn’t access QuickBooks normally.
Verifying your own login history helps detect external account access for early risk mitigation.
Changing Passwords Periodically
Update QuickBooks passwords every 60-90 days as a good practice to limit unauthorized access if a password is inadvertently revealed.
Routine password changes also reduce the damage if your account credentials are compromised unknowingly.
Don’t reuse old passwords when changing either – choose completely new complex passwords.
Implementing Password Policies
For QuickBooks admins, enable password policies requiring minimum complexity, expiration periods, login attempts rules, and history restrictions.
Policies reduce risks of weak passwords. Handle password resets securely by confirming identities out-of-band before issuing a temporary password.
Monitor high volumes of failed login attempts for brute force attacks. Lock accounts if needed.
Leveraging Single Sign-On
For QuickBooks Online, enable integration with single sign-on (SSO) platforms like Okta, OneLogin or Microsoft Azure AD.
SSO allows users to access QuickBooks Online by signing in once to the central SSO portal. This eliminates the need to remember multiple complex passwords.
Leveraging SSO enhances security compliance and reduces password fatigue. QuickBooks admins can control permissions centrally.
When to Engage an Accounting Firm
Consider engaging your accounting firm like QuickBooks Tax Advisors to implement identity and access management best practices for QuickBooks users company-wide.
Their experience applying security protocols consistently across clients enhances control and compliance. Audits can identify potential vulnerabilities.
An accountant can also assist if your QuickBooks account is compromised with rapid response to prevent financial damages.
Conclusion
Applying essential online security practices like using strong unique passwords, multi-factor authentication, monitoring login histories, changing passwords regularly and leveraging single sign-on protects access to your vital QuickBooks financial data. Sound identity management is a business imperative.