I agree there is an issue for automated traders. As you know, we take suggestions from our customers very seriously. A public forum isn't the right place to game plan security solutions for API customers. If API traders could please send an Inquiry ticket and put my name in the subject with their thoughts, I would appreciate it. I would like to start a dialogue and see what solutions we can come up with. I like the idea of removing permissions for easily manipulated products for those who choose to opt out, but I'm interested in what you guys think will work.
I disagree. If not this forum, some other public forum is the best place to discuss security threats and possible solutions. Thieves will be reading the discussion, no doubt. But they're not going to quit looking for vulnerabilities. Our objective should not be perfect security, but merely the best in the industry so that the thieves go elsewhere. They always go after the easiest prey. It's important for us customers to understand the threats, and we cannot come up with the best balance between security and ease-of-use without putting our brains together.
IB, in addition to having a list of tradeables that are allowed, you could also alert the customer if any order is entered that tries to trade something that is not allowed. This would alert the customer that something funny is going on. When that happens, the customer could then change the password, etc. The other option would be to lock the account -- no more trading or fund transfers until the customer resets the password or whatever.
I look forward to the day when retail traders (well, ones that don't use an ATS) can just rent from the broker a hand-held tablet computer with EV-DO or Wimax, running a closed OS certified by the broker.
rwk, I apologize. My statement wasn't intended to stop the conversation about security on this forum. My only point was that I would rather let IB API customers know what we implement through a secure channel. We've gotten a lot of ideas from the postings on this thread. We will consider them all. We're not trying to inconvenience our customers. We're trying to protect them so your feedback is extremely important.
Goodbye IB. You make 25K a month in commissions from me, but no more. Without automated login, I'm leaving. Does anyone know if Genessis securities has the same problem? I'm really pissed that I have to recode my API's now.
traderdragon2, Read the entire thread. We will let you opt out, and we're looking into other ways to protect the assets for customers that auto log in.
Additional security measures are the norm for future electronic commerce. No need to whine about it. You can switch, but you can't run away. In the not too distant future, ALL the brokers and banks will require you to have additional security measures, whether it be a dongle, keychain, e-cert, fixed IP, smartcard, or fingerprint, iris pattern, etc., LOL, or whatever the latest technology can offer. I have been using a keychain with my bank for a year now. I travel a lot, and am always worried the keychain would run out of battery while I was on the road, or that I would misplace it during my transfers. It is NOT convenient, but I have never felt more secure. I use a smartcard to access a company I deal with. It stays with my notebook. No hassle in using it. But if I lose my notebook, the smartcard goes with it. LOL. I have an e-cert for another access. The operation is transparent. But the access is limited to the computer the e-cert is installed on. We should thank IB for being on the forefront of the security edge.
My requests just showed up on the IB Features Poll. The request for filters to disallow trading is #2356 (protection against fraud). I also entered #2355 (Single security device for multiple accounts). I have 2 devices now, and I prefer to be able to use either with each account. The next best is to have only one for both accounts. [rwk2095]