It all started when I received an email alert that someone was trying to log into my account at 00:08 AM last night.
Fuck. They must be using compromised credentials. APPARENTLY INTUIT DIDN’T DISABLE ALL BREACHED PASSWORDS AFTER THEY GOT HACKED.
I saw they offered a way to report it.
“If you didn’t make this request, contact us.”
The “contact us” bit had a long-ass link with enough identifiers to prove exactly what I was reporting. But clicking that link dumped me on a generic contact page. fffs.
I logged in easily enough because Intuit didn’t disable breached passwords.
I then tried to change my password.
Here are the stated requirements:
- 8 or more characters
- Upper and lower case letters (e.g. Aa)
- A number (e.g. 1234)
- A symbol (e.g. !@#$)
So here is what I tried:
woD9ffDuqCZh-FvoPpb_u.RrchCs6RQq-vWzevD*tzZJWF@XzmLEsV68wo7UAJ*66CYXAm@N!*s*g!42-gow*-*-4sD23EBXYgfe
Seems strong enough! It’s even described as STRONG.
Intuit rejected it with a vague message: “Invalid password.” No explanation.
I tried 64 characters. Then 53 characters. Finally, they accepted a password with just about 30 characters.
Is Intuit still saving passwords in plaintext??
How do I close my account???