IB Clients, do you use your security device to log-in?

Discussion in 'Interactive Brokers' started by Traderham, Jan 17, 2011.

Do you use your security device with IB?

  1. Yes, I use it

    56 vote(s)
    83.6%
  2. No, I opted out

    11 vote(s)
    16.4%
  1. I have two accounts with IB (one IRA and one trading). I had two security devices, one for each account. One was that card with tons of codes, and the other was a key ring device where you press a small button and it displays some numbers. I finally integrated both accounts so now I only use the key ring device.

    But I HATE this thing. Every time I want to log in through my home computer, laptop, or now my Droid phone, I have to find my keys and enter the generated code. I know we can opt out, but then we're not covered for any kind of fraud that may occur on our accounts.

    My laptop and Droid don't remember the username/password, so if it's stolen, it's still worthless to the thief. I'm pretty savvy so I'll never fall for any phishing schemes where the'll steal my password. And I know no one will ever install a "key logger" on my computer.

    I'm thinking about opting out of this extra security for convenience. Wondering what other users are doing. Do you use your security device or did you opt out?
     
  2. I had my Citibank account hacked into and several thousand dollars stolen a few years ago (which was eventually recovered). So in my view the extra measure of security IB's login device provides is a welcome thing.

    Have you considered wearing the device on a chain around your neck at all times since you seem to be having trouble keeping track of it? :D
     
  3. rwk

    rwk

    I also have two accounts, margin and IRA, and I have two of the platinum (credit card size) devices. The small keys are hard to press just right, and sometimes I have trouble reading the display, especially first thing in the morning. But I like the security it gives me, and wouldn't do without it.
     
  4. cstfx

    cstfx

    Yes, I use it. It's a no brainer.

    If you want to access it without the key, you can set up an additional log on id that does not use the keys and you can limit it to very limited activity, like trading, but as you know, you still open yourself up to someone hacking your id and making trades into your account ala that infamous pump and dump case out of Eastern Europe a few years ago which prompted this type of security.

    As an added step, then, you can use this key-less logon but specify a specific (or a few specific) IP addys that can access your account. I run one instance of TWS on a server w/o the keycard but because this logon is tied to a specific IP addy, it is relatively secured.
     
  5. Bank of America has neat little feature where they will text you a one-time key to your cell phone. That's a great solution, as it's a totally different channel, and I always have my cell phone with me.

    That being said, I've used the tokens I have for years, and they work well and are easy to use.
     
  6. joe4422

    joe4422

    For any one who is concerned about security, they are very happy about the token. I just keep mine next to my trading computer.
     
  7. Daal

    Daal

    Yes and I have a copy of the card in case I lost it
     
  8. If this were really true, you would be asking this...
     
  9. CSFX, thanks for the info. I had no idea I could set-up an access for trading only which does not require this extra authentication key. This definitely seems like the way to go. Sure, I remember that pump and dump scheme years ago, but I'll take my chances.

    BigFunkey, I'm not worried about someone hacking my computer, but I'm worried about a screw up on IB's end. A rogue employee, their system getting hacked, etc.

    Tradestation used a system of authenticating your computer. I really liked that method. Many banks use this method as well. When using an computer that has been authenticated, they could let you through without an extra key. But when accessing from another computer, they could require the key.

    Unfortunately, authenticating by IP address is an old method as most of us now have dynamic IP's rather than static. Times have changed and IB isn't keep up!
     
  10. moarla

    moarla

    well, set up a VPN to IBs servers, that works without Sec Dev and is safe :)))
     
    #10     Jan 18, 2011