[GNC-dev] [GNC] USAA FSB requires newer QWIN support

Keith Bellairs keith at bellairs.org
Sun Feb 14 21:19:28 EST 2021

My USAA checking and credit card seem to be working. My users/00000.conf is
using this client UID: I got it from quicken's OFXlog.txt file.

    char clientUid="39E0E763-4E1E-4918-9528-D6EBAC94EF5D"

Notably when the online action in GNC challenges for the account password
the required response is now the "Access PIN". No longer the web site
account password. Yet another password to track.

I cannot believe its working again. Thanks everyone.



Date: Sun, 14 Feb 2021 11:12:26 -0800
From: John Ralls <jralls at ceridwen.us>
To: Randy Johnson <rsjdev314 at gmail.com>
Cc: gnucash-devel at gnucash.org, gnucash-user at gnucash.org
Subject: Re: [GNC] [GNC-dev]  USAA FSB requires newer QWIN support
Message-ID: <CB5E6F20-A9A6-4493-89E9-9451B4826DB1 at ceridwen.us>
Content-Type: text/plain;       charset=us-ascii

Well, there's a UUID in that URL, but I just tried using it for the
ClientUUID and got "The user cannot signon because he or she entered an
invalid user ID or password." Using the one scraped from Quicken for MacOS
and reported in

That leads me to believe that USAA is using the ClientUUID as an API key.
Quicken may have registered one or many. I think the only way to find that
out is for more users to set up MITMs with different versions of Quicken
and retrieve the ClientUUIDs for comparison.

This makes me a bit leery of publishing it on the wiki, because if Quicken
or USAA catch on that it's been compromised they might change it and lock
us out again.

John Ralls

More information about the gnucash-devel mailing list