Why is everybody bitching about this new added layer of security? It is clearly a plus from the investors/traders side. *** There has been an announcement made way earlier, not just a day or two days ago. It is wrong to say that this is absolutely new and came without prior notification. *** Maybe you should see it from IB's perspective as well. Who wants to run a brokerage and listen to the bitching of those traders with 500-2000 bucks in their account? And I strongly assume that those are the guys who are the loudest wining about this new device. Nobody in their right mind with 100k plus (and sometimes into the millions) would prefer less security of funds over more, especially given this is free to us. (I can only speak for my account). Also IB rids itself of possible lawsuits by doing all they can do to provide a safe trading environment. IB should have even charged small accounts for this device (do they? No idea).If a small charge for security is already too much for someone then that person should maybe also conclude that their account is way too small to ever trade successfully. *** What is that argument about the hassle of having to input an additional code when logging in? Give me a break. If someone is really trading ticks, meaning trading in and out within seconds/minutes, they should consider a different broker model anyway. TWS is not designed to scalp, and I say this only because it is simply not a stable platform. (IB will of course tell you otherwise as they love your commissions, and also the guys who try to sell you all those API front ends for rediculous amounts will also scream at me now, I guess) I dont think anyone in here has not experienced sometimes frequent TWS outages. Come on, if you really believe you can make a decent living scalping then at least dont be cheap but get xtrader or similar platforms that are way more stable. (and those who mentioned that they trade with some API on other remote servers, this also applies to you, TWS is not designed for that) So, I dont follow this argument at all. Someone who is too lazy to enter an additional code for proven benefit is in my opinion not fit for trading. Trading is a difficult job (to trade successfully) and those who wanna trade from the couch should better consider an entire different profession. This sounds very sarcastic and I think it is to some extent but I am so tired of hearing this endless rambling of some of those who cant be bothered with improvements that really make sense. I understand you dont care much whether your 500 bucks get diverted to some Eastern European country by hackers but I do care and everyone else with meaningful account sizes should care, too. Just my two cents...
Think again: Mandatory security device by itself is acknowledgment of a security problem. Opt-in model would put onus back on client. Breach of a mandatory device would represent a flaw, bug, weakness, whatever you want it called, with the device issuer clearly at fault. If the device interferes or precludes client trading activities, the potential becomes greater for fraudulent service and advertising claims, as well as arbitrated settlement cases.
Right on the money. For those complaining. Most professional trading platforms have a similar security device. And rightly so.
But if they don't allow multiple simultaneous logins, this wouldn't be an issue, I think. I'd still worry about a trojan that provides interactive remote control of the system. Bad guy waits for the screen saver to kick in and then starts clicking and typing on the TWS window to trade.
Though a broker cannot force it on a client, it seems to me that possibly the best measure a user can take is to run nothing else other than the trading software on the machine, and use another box for everything else. Probably just as secure and cheaper and more convenient is to run the trading software in it's own virtual machine using VmWare or similar. Virtualization has a lot going for it, including backing up the whole VM into a file making system restores a snap. Even better run your Windows VM hosted on a MAC or Linux box.
I do run TWS on a machine with absolutely nothing else on it, fully locked down. That is half the point of me renting a box. The problem is, it is strategically located half-way around the world - to optimize ping times. I can't be flying across the world every time I log in to authenticate. I would have made arrangements to switch brokers earlier on if it wasn't for the promise made on the other thread that there will be an opt-out.
Quite agree, it is completely unsatisfactory for ATS. I wonder what they are doing about authenticating the FIX client ? I do find it a bit hard to believe that IB will not come up with a satisfactory solution. They do have a track record of listening to customers and it seems hard to believe that they would knowingly drive away clients running ATS.
On the first point, it's true if you prohibit another login within a minute, it's better -- though still not as good as challenge & response bec a key logger can siphon the credentials and login before you hit enter. A challenge & response is immune as the challenge is unique to a session. On the second point, that is very hard to prevent if someone built such a tool. But fortunately it's a hard tool to build and spread. I think a well designed challenge/response STP with auto-reconnect after short disruption and migrating the client API to be authenticated in the future would go a long long way towards improving security and would love to see this implemented soon. A minor additional nitpick of the STP functionality for account mgmt -- leaving Deposits unprotected, as it is now, does not seem like a best practice.
Anybody who talks about the benefits of a security mechanism without discussing the costs is an idiot. Ever heard the phrase "single point of failure"? I have multiple computers and multiple Internet connections. No single failure could keep me out of my account... Until now. Starting yesterday, I have to use this little device to log in. When it fails -- and everything fails eventually -- I will be unable to open or close positions for... Well, I wonder how long. The IB security device is a horribly conceived initiative, period. It is total crap. IB should simply indemnify its users against unauthorized trading LIKE EVERY OTHER BROKER DOES. It would actually be cheaper in the long run. (And yes, I manage considerably more than $100k.)
I asked cust service about the single point of failure issue when I went to STP for funds mgmt. I was instructed to set up a 2nd username, which I have since done. This seems reasonable to me.