Got notification from IB, that 2-factor is now required for trading. In the past, I could opt out just for trading while still keeping it for account management and withdrawals. Which is really a perfect balance between security and function. Having a possibility of MFA popup at any time of a day is a major problem for automated trading. For example - IB gateway can crash, server restart, network connection lost, all easy to auto-heal but not with MFA. @def, is there any chance IB could accommodate fully automated trader? I will be more than happy to configure any other security measures (IP whitelisting, encryption keys etc) or/and sign a waiver. Thank you, Val
My personal experience with IBG 2-factor auth is not that bad. I connect to IBG once a week. Yes, it needs a manual intervention, and yes it would have been nice not to. As for the major identified problems: IB Gateway crash: I cannot remember when was last time it had happened (several years?). Network connection lost (problem as ISP): IBG reconnect by itself without any authentication method. Server restart: Again here, I cannot remember last time it had happened. And for possible power failures, which is happening a couple of time a year, I'm using UPS for my server and network gears.
Good points. I am certainly not talking about something that happens every day. There are quite a few hypothetical scenarios that can trigger MFA, including unknowns, so rather than listing/addressing them 1 by one I would prefer to avoid the problem all together. So I can sleep better at night, enjoy my vacations, go on hikes without cell coverage and work on other business ventures without worrying about that MFA request popping up on my phone and not hitting it in time. I could hire someone to do that. But that basically defeats the purpose. As this person would increase the cyber security risk that IB is stating as the primary reason for the policy change. Plus adding extra cost of doing business, that could be easily avoided.
Ideally you will be able to opt out again. But there could always be some low probability issue than can happen when you are away? Bug in your automated system software. Hardware or OS failure on your trading machine. Extended connectivity outage between your trading machine and the IB server. Bug in on broker server side software (happened to me twice over the years, where my orders didn't execute correctly due to IB software bugs after they did a server side upgrade). Problems at the exchange. How would you handle the above if you are not paying attention and also out of cell phone coverage so cant get any alerts?
Those that I have no control over I don't obsess over and consider as just a cost of doing business. Eg exchange outage or IB bugs. Fortunately they've been once in 1-5 years kinda events, and there are some strategy design choices that can be made to reduce associated risks. Wrote about that in my journal. Though it's probably TLTR at this point. Server failure risk is nearly eliminated thru virtualization. For past 3 years, my setup runs without any manual steps for months at the time. Health checks are automated as well. At this point they find problems probably better than I would and notify me by phone/email. This happens every other month and typically can be dealt with after-hours. So I am at the point where I can check my phone once a day, and occasionally take a leap of faith and disconnect for 1-2 weeks. Occasionally there is a cost, occasionally there is gain. Trading MFA requirement significantly increases the risk of missing trading session if not dealt with immediately. This requires very different level of alertness and involvement.
I really doubt you would ever get a second MFA request unless Gateway has completely crashed (or hung and so has be restarted as a fresh process). Why would it need to otherwise? How often has Gateway crashed or hung in the past? I used TWS for automation for years, I never had a problem with it crashing or hanging and Gateway is much more lightweight. Not saying it couldn't happen, but it will be one of those very rare events you probably shouldn't worry about.
I keep my IB Gateway on from Sunday afternoon to Friday night. It automatically restarts daily, 2FA is only needed on Sunday when I login. Daily restarts don't need 2FA and you don't get any notification to confirm. https://guides.interactivebrokers.c...sguidebook/configuretws/auto_restart_info.htm
I wish. Been running with MFA in a past and MFA request popping up at the time I didn't expect it was the #1 reason for missed entires and exits for me. That didn't happen every day, but over the course of a year was the main thing messing up with fully automated setup.
Interesting thread. I've had problems with IB Gateway restarts in the very recent past. My computer time is set to Chicago, even though I live in Sydney. The problem seems to be that when I start IBG on a Sunday Sydney time (Saturday Chicago time) IBG doesn't request 2FA when it restarts on the Sunday. It often requests this on the Monday or Tuesday. This is too random for my liking as I like my sleep, and don't like waking up with a login request on my screen. KH