This thread began back on February 11. I posted a complete description of the problem the same day. Thirty-six days and five pages of comments later, we still don’t have an explanation.
The original symptom reported was that users could import their own tax forms, but not their spouse’s tax forms, from Fidelity. However, this was only a symptom of a much more serious problem. The underlying problem was that TurboTax was automatically importing tax forms from Fidelity without ever prompting for a Username or Password. If TurboTax never asks for credentials, you never get a chance to enter your spouse’s credentials. THIS IS A SERIOUS SECURITY FLAW, and Intuit won’t say how it is happening.
I can’t imagine how TurboTax could import tax forms from Fidelity without giving Fidelity a Username. If I didn’t enter it, where did TurboTax get it? Was it stored on Intuit’s website, buried in the 2021 tax data I imported, or saved in a cookie that TurboTax created a year ago? (I really doubt that TurboTax got it from my browser history or from a cookie that Fidelity created.) Intuit won’t say why TurboTax doesn’t just ask for it.
The Username issue is bad enough, but the Password issue is much worse. Did TurboTax have some way to bypass supplying a password to Fidelity? Or did TurboTax save it from last year or find it lying around somewhere on my computer?
Fidelity now requires two-factor authentication to access an account, but TurboTax somehow imported my tax forms without going through two-factor authentication. How did TurboTax do this?
There have been many posts on this thread. Some are only concerned with the inconvenience of not being able to import their spouse’s tax forms. Many deal with the fact that TurboTax accessed their Fidelity accounts without a Username, Password, or two-factor authentication. Some posts propose solutions. I got my wife’s forms imported by trying to duplicate db9fan’s results. I did not clear my cookies or browser history (at that time). There have been many updates to TurboTax since February 11. I tried importing tax forms into TurboTax while I was logged into Fidelity. It correctly required my Username, Password, and two-factor authentication. Maybe the updates fixed it, but I can’t reach that conclusion until Intuit confirms it.
THIS IS A SERIOUS SECURITY FLAW! Intuits only response is to deny saving our login information. CarissaM (Employee TurboTax Specialist) posted a link to a page that says, “We use them (cookies) to personalize your experience… They may make your browser think you already did something that you still need to do.” That quote is consistent with TurboTax using information in cookies to bypass logging into Fidelity.
How did TurboTax access my Fidelity tax forms without a Username, Password, or two-factor authentication? What has Intuit done, or what does Intuit intend to do, to prevent this from happening again? Thank you.
