Editor's Note: Microsoft on Friday released a patch for the problem, again restoring Money 2004 customers' access to their financial data. See details at Today@PC World, our staff blog.
It's the end of the month--bill-paying time--and some Money 2004 users are wishing they'd kept their cash in an old mattress instead of relying on Microsoft's financial software. A snafu with a couple of Microsoft servers has frozen users' access to their own financial data, even though the encrypted files are on the hard drives of their own PCs.
Microsoft officials acknowledge the ongoing problem, which began Monday, and say they hope to have it fixed by midday Friday. Meanwhile, unable to view their budgets or pay their bills, many affected users are livid.
"Clearly they screwed this up and have cost all of us time, and money!" says one user's post on Microsoft's Money Community Newsgroup.
Kenneth T. Van Wie, II, a computer consultant in Atlanta, agrees. "It is unacceptable that this could happen," he says. "While I have been inconvenienced by not being able to access my financial records, what about the small business[es] that use this program for their day-to-day financial operations?"
One desperate user noted that he's leaving on his honeymoon and can't use Money's online options to pay his bills.
Microsoft officials claim not to know how many users are affected by the glitch, only calling it "a subset" of all Money 2004 users. But more than 90 individual users have posted hundreds of queries on Microsoft's Money Community Newsgroup. Some suggest that Microsoft wasn't telling them the whole truth about the problems.
Van Wie suggests that thousands of users might be affected, though there is no data to support such speculation.
The problems plague only Money 2004 users who chose to use one or more Money online services that are guarded by Passport authentication; among these are MSN Bill Pay and online banking. Money users who don't use the online services option are unaffected. And since Passport isn't the problem, e-shopping sites and other services that use Passport continue to work, a Microsoft spokesperson points out. Finally, Microsoft says that users who logged into Money before Monday afternoon or after Tuesday morning--and not in between--are unaffected.
One mitigating factor is that most, if not all, users can still get financial information from their banks and creditors and can write checks manually. But users protest that not being able to view all of their financial information at once can cause confusion and small disasters such as bounced checks and overdrafts that will cost individuals and small businesses time and money.
How It Happened
Money gives users the option of having the Passport server-based authentication system protect files stored on their own PCs, encrypting the files so that only authorized users can read them. That provides excellent security; and though the feature is not mandatory, Microsoft encourages users to take advantage of it.
As users found out this week, however, putting all of their financial services, including electronic bill-paying and Web-based e-banking, in one basket can turn into a financial nightmare when the encryption key that guards everything becomes inaccessible. It's like a bank forgetting the combination to its safe on payday.
The problems began Monday afternoon, when users went to sign in to Money using Passport and received this cryptic message:
"The sign-in name you entered is not associated with this file. Please enter the correct sign-in name or open another file."
Over the weekend, Microsoft personnel had made a change on a server used by the authentication mechanism, and that change causes the software to look in the wrong location for Passport information. To make matters worse, backups--even ones on the users' hard drives--are rendered inaccessible because they, too, are encrypted; the only access is through Passport.
Users are especially angry that it took Microsoft two days to acknowledge that it is the source of the problem. Some Money users posed questions to other users on Microsoft's Community Newsgroup for Money.
"Microsoft handled this badly," says Rob Enderle, principal analyst for technology analysis firm The Enderle Group. "People's money is very critical to them."
The worst fallout for users, however, may be what they perceive as a combination of Microsoft's attempts to put the best possible spin on the situation and its lack of attentiveness to users' demands for full disclosure. Early posts on the Communities Newsgroup for Money indicate that Microsoft tech support was unresponsive, sending out a canned message suggesting that users bypass Passport authentication. When that didn't work, some users were told to spend $35 on a paid "support incident" with Microsoft Product Support Services.
Finally, late Wednesday, a Microsoft employee posted a notice to users on the newsgroup site that appeared to contain as much spin as information:
"If you think of your login information as a key, and our servers as a lock, then we changed the lock on the safe, and the old key wouldn't work anymore. There is no way for the user [or anybody else] to create working login information. The good news is that nobody could open the local file because of this mistake at any time; your information is still protected."
At this, many users ran out of patience. "I've spent a lot of time trying to figure this out, only to discover that the problem is on their side, and they're well aware of it," says one user's post, whose subject line is a curt "shameful." Another suggests filing a class action lawsuit.
Microsoft should have been immediately forthcoming about the nature of the glitch and the company's responsibility for it, and it should have been more contrite, Enderle says.
On Thursday, Goca Micic, Microsoft group marketing manager for the home retail division, said Money users can get free support to deal with this problem, though through a toll phone number--425/637-9308. Micic says that the offer is open to some Money 2003 users who may have the same problem.
But besides toll charges, seeking long-distance help may require even more patience. Van Wie says he spent more than 4 hours on hold for Microsoft tech support on Monday, only to be told that no fix existed yet.
"I am very angry about this situation," Van Wie says. "I am angry that it is the end of the month and I can't do end-of-month reporting; I can't send out end-of-month client statements....this is becoming an ever larger problem for me and many others."
Some users are so frustrated after waiting most of the week to get back online that they are considering switching from Money to Intuit Quicken, Money's biggest competitor.
This follows years of security glitches in Microsoft's more mainstream products like Windows, Internet Explorer, Outlook, Outlook Express, and Office. The most recent spate of problems with Internet Explorer, for instance, has caused some users to abandon the browser in favor of Mozilla or Opera.
"Microsoft has been gaining a rep for having low-quality products," Enderle says. How can Microsoft change that perception? "They need to love the hell out of their customers," Enderle advises. "Otherwise, this will be a disaster."