IB, Please keep the opt out, please dont change your mind again. If we are forced to use this for TWS. Then someone will have to invent a mechanical robot that can electronically activate and read the device display and then enter it automatically into TWS.
Ah ha. Mine's the smaller size. But I'm with you...I like the security regardless of the key size. OldTrader
IB could use an automatic device for API traders. Probably need something that could be read by the java TWS. Could also be used by manual users, save having to enter things manually. Only problem is you cant login without the device, so travelling or logining from work will always be a pain like others have already pointed out. There used to be this called a java ring, i remember seeing one back in 1998. http://www.eurescom.eu/~public-webspace/P1000-series/P1005/presentations/ch2.htm Not sure if it ever took off...
Maybe this has been dismissed already, but wouldn't it be far simpler to only allow withdrawals taking place to one of the originating bank accounts from which the user filled his IB account, or is there opportunity for fraud still? That, combined with IP locking, would mean very good filter. It is true that IP's do change from time to time, but mostly, when the LAN/router stays on line that doesn't happen, and when it does you could ask the user by email to reconfirm his approval. Ursa..
For foreign accounts....giving permission for wires to be sent only to the account from which the original funds came from via wire...would work better for me....
Ursa-- The fraud I'm concerned about (and there has been a huge number of incidents of lately) is where someone uses your account to buy large amounts of some penny stock. There was a widely publicized case just a few weeks ago where some bad guy controlled dozens of brokerage accounts and commanded all of them to buy a penny stock causing the price to skyrocket. He dumped it from his own account, and left the brokerage accounts wiped out. One case had $450k of assets completely eliminated. I'm not worried about wire transfers as much as I am someone making trades.
Here's one recent case: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/03/08/BUGGDOH6GP1.DTL Google turns up more.
http://www.washingtonpost.com/wp-dyn/content/article/2006/10/23/AR2006102301257.html There's another one. Use Google. $18M in losses from one broker in one quarter due to this attack.