Investing

WARNING: Questrade login not safe

  • Last Updated:
  • Oct 23rd, 2017 10:43 am
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes

WARNING: Questrade login not safe

Just a heads up that I just encountered 10 minutes ago.
I logged into my Questrade account, checked my accounts and then logged out.
My wife used my computer just after me to do the same but when she logged in with her user/pwd, she was logged in MY accounts!!!
She calls me and we checked that she could see everything so I guess she could have traded, transferred money, etc. So she logs out and tries to log in again in front of me, and ends up again with FULL control of my accounts!
I'm using the last official version of Chrome on Mac so I don't think my browser security is at fault here.

Use the incognito window when going on Questrade!!!

I sent an email to the support. Will keep you posted on the response.
25 replies
Member
User avatar
Sep 18, 2016
396 posts
374 upvotes
you got a family account ?
"Do not allow yourself to become resentful, deceitful or arrogant"
Jordan B. Peterson
Deal Fanatic
Nov 22, 2015
5950 posts
5532 upvotes
BalancedPortfolio wrote: Just a heads up that I just encountered 10 minutes ago.
I logged into my Questrade account, checked my accounts and then logged out.
My wife used my computer just after me to do the same but when she logged in with her user/pwd, she was logged in MY accounts!!!
She calls me and we checked that she could see everything so I guess she could have traded, transferred money, etc. So she logs out and tries to log in again in front of me, and ends up again with FULL control of my accounts!
I'm using the last official version of Chrome on Mac so I don't think my browser security is at fault here.

Use the incognito window when going on Questrade!!!

I sent an email to the support. Will keep you posted on the response.
Sounds like a cookie issue with Chrome for Mac. Does it do the same thing in Safari?
Deal Fanatic
May 31, 2007
5018 posts
2165 upvotes
It remembers the last user name and auto prompts saved passwords. Possible user error, she might have logged in under your name and password.
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes
Jungle wrote: It remembers the last user name and auto prompts saved passwords. Possible user error, she might have logged in under your name and password.
Questrade is one of the websites that is configured on my browser to NOT keep any login/pwd in memory. Plus as explained in my post, she did it again in front of me. Lastly, she doesn't know my credentials. So human error is excluded here.
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes
superfresh89 wrote: Sounds like a cookie issue with Chrome for Mac. Does it do the same thing in Safari?
Just did it now on Safari: Exact same behaviour. This is a coding security hole, not a browser/cookie issue!
Deal Fanatic
Jun 17, 2013
5120 posts
1500 upvotes
Montreal
BalancedPortfolio wrote: Just did it now on Safari: Exact same behaviour. This is a coding security hole, not a browser/cookie issue!
No issue when I try it,. Record a video of it.
Deal Guru
User avatar
Mar 10, 2005
10054 posts
3538 upvotes
Yea I would check the login activity to make sure you were logged out and she was logged in - I think it was probably your account
“...because most of what we say and do is not essential. If you can eliminate it, you'll have more time and more tranquility. Ask yourself at every moment, is this necessary…” -Marcus Aurelius
Newbie
Sep 20, 2015
48 posts
63 upvotes
Nepean, ON
i saw the same issue! just today
maybe a new bug?

will try to reproduce
Newbie
Sep 20, 2015
48 posts
63 upvotes
Nepean, ON
hmmm.. not reproducible..

will stick to incognito mode from now on just to be safe
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes
ottbram1 wrote: i saw the same issue! just today
maybe a new bug?

will try to reproduce
I contacted the support and they made me change my credentials. The guy was quick to declare it resolved but I tried again before disconnecting from the chat and it was still happening. I had to be a bit forceful to make him escalate the issue to the dev support. Can't believe this is not taken as seriously as they claim!
Still waiting on the dev guy to call me...
Member
Jun 22, 2006
285 posts
20 upvotes
Vancouver
OP, were you username and password saved in the browser? did you wife used the her saved password and auto fill feature from your browser? I noticed the same issue when the username and password are auto populated. I don't think the questrade login page triggers the fields update when they are auto populated. I have to change at least one character in username and change it back. (this will trigger an update to the model, they are using angular, so the field (view) and model are separated, the values sent over to the server are from models).
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes
xgbsSS wrote: Did you try PMing @Questrade here on RFD?

As an aside, I manage three different accounts on Questrade, and haven't had the same issue. I'll keep an eye on it.
No but I believe my earlier chat with the support should suffice.

I noticed that when I logged out, then visited another website before letting my wife log in, it did not happen. I witnessed it when logging out & back in right after.
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes
compass wrote: OP, were you username and password saved in the browser? did you wife used the her saved password and auto fill feature from your browser? I noticed the same issue when the username and password are auto populated. I don't think the questrade login page triggers the fields update when they are auto populated. I have to change at least one character in username and change it back. (this will trigger an update to the model, they are using angular, so the field (view) and model are separated, the values sent over to the server are from models).
No I'm pretty careful with security and am a developer myself so I know how auto-logins can go wrong... Everything was typed in manually under my eyes and the bug was reproduced multiple times on multiple browsers.
Deal Fanatic
Feb 4, 2015
7160 posts
3364 upvotes
Canada, Eh!!
Did you recently update browsers? That can sometimes change settings to default which in some case include saving logins and pw.
.......
July 13, 2017 to October 25, 2018: BOC raised rates 5 times and MCAP raised its prime rate next day each time.

2020: BOC dropped rates 3 times and MCAP waited and waited to drop its prime rate to include all 3 drops.
[OP]
Newbie
Mar 8, 2017
15 posts
7 upvotes
georvu wrote: Did you recently update browsers? That can sometimes change settings to default which in some case include saving logins and pw.
I barely use Safari, only if I want to check a website that won't work with Chrome (last time was probably months ago). I would assume that if it was a browser's issue it would only appear on one but not two different ones. We have had pretty much the same routine when checking our accounts on @Questrade with my wife for the past year and never had a problem.
I still haven't heard from either dev support nor their customer support to whom an email was sent this morning around midnight...

Top