Anyone use the Google two-step verification process for logging into your account? Looks pretty good. After you sign up, you enter your user id and password as always, but then you get a text on your phone with a number to enter for verification. This might be an idea for a broker for added security.
works fine - never any probs for me. i'd strongly suggest you do this. yeah it's a pain to enter in the code (you can have goog "remember" a computer for 30 days so you don't have to keep entering it). but it's a bigger pain to find out your email and whole life was hacked. w/ 2 way authentication it's almost impossible for your account to be hacked.
A hacker would need physical access to your computer, and your password if you log out every time you stop using the services.
they would also need access to your phone (if that's how you're getting the two way authentication codes). i get them on my rimm which is password protected itself so it's impossible to get the code unless someone breaks in and puts a gun to my head but at that point i guess i'd have bigger probs than worrying that someone will now be able to find out that i'm on jack hershey's email distribution list
Most organizations have done this for over a decade using RSA SecurID tokens. I wouldn't doubt if some brokers have also used them. There was a compromise in 2011.