I had the same trouble with my bicycle combo lock, wound up walking home in the middle of the night.. better than getting hit by a car while on the bicycle probably, on foot you can do that last minute dodge thing and have a fighting chance at least...
The only risk for both methods is to loose the card/device. It kan be tat there are "only" 50.000 challenges with the passcode card, but you also have to know these challenges. And each token is also unique and tied to a specific account. So in practise, security is equal.
The token has a PIN required to activate it properly. Enter the wrong PIN and it still activates but it produces the wrong replies. Lose the passcard (or just have it copied unknown to you) and the security it provides is gone. From a protection standpoint I like the 100,000,000 challenge \reply pairs as opposed to 50,000. Jack
Does the new added security protect against anything but phishing really? Paypal has the same thing in beta BTW
I think it depends on how paranoid a view you take of "the threat". The TWS connects (if so selected) over the internet using the secure socket layer. This immensely reduces the chance of your being attacked by a non-government entity using the "man-in-the-middle" technique. So, as you state, I agree that phishing is the main threat. However, if you trade from an insecure location where someone can get at your machine the new security scheme eliminates the ability of someone using one of the auto-login programs available for TWS to login in your absence. It also eliminates "key capture" techniques and plain old watching you log-in and learning your password. If you trade from a "secure" location like your home it prevents the same thing from happening if your spouse/in-law/children/visitor uses the auto-login. This assumes that you do not leave the passcard on the computer stand. The electronic token still requires your PIN so it could be left there with some feeling of security. Jack
Actually, they are equal for the following reason. I have been told by Tech Support... That after 4 failures your account is LOCKED for 2 hours... Which is a truly INSANE policy if true. Since brute force attempts... Would require thousands of tries for the card... And millions for the Security Device... What idiot chose the small number 4... At which point a trader is locked out of his account. For example... The Security Device could not possibly be used by anyone... With eyesight problems, tremor in their hands, a migraine headache, any number of medical conditions. These devices DISCRIMINATE against handicapped people... And unless an alternative is readily provided... Would be ILLEGAL under Canadian law. IB has no right whatsoever to lock the Customer out of his account... For such ill-conceived, arbitrary reasons.
Q+: What number of tries would you consider reasonable prior to the temporary lock-out? How many tries for the card and how many for the token? Did your customer service contact indicate whether an email would be sent advising the customer of the lock-out and the possibility that their account was under attack? I guess in Canada IB could issue the less secure card to provide for the handicapped, if so requested\required by law. Jack