I'm really worried about hackers and criminals and have been searching about different brokers' policies regarding UA. I know that Charles Schwab covers 100% of any losses due to UA. But what about IB? I can't find anything. Thanks.
Ok, just found the answer. IB doesn't take responsibility. Responsibility for Customer Orders/Trades: Customer acknowledges that IB does not know whether someone entering orders with Customer's user name/password is Customer. Unless IB is notified and agrees, Customer will not allow anyone to access Customer's account. Customer is responsible for the confidentiality and use of Customer's user name/password and agrees to report any theft/loss of such user name/password, or any unauthorized access to Customer's account, immediately by telephone or electronically through the IB website. Customer remains responsible for all transactions entered using Customer's user name/password.
I'm not sure that would hold much water if the username/password was obtained by a hacker due to a data breach on IB's side.
IB have 2 factor authorisation phone app/card/secure access device to login and you can only withdraw money to a bank account in your name.
I'm terrified of UA, especially unauthorised trades. We have no idea what capability those criminals have? Is 2 factor authorisation enough?
Yes 2FA enough. The security concept is "what you know and what you have". In other words, you *know* your username and password and you *have* your personal phone (or IB issued security device). Obviously your username/password can be leaked from a security breach or more likely you're reusing passwords from multiple sites or using weak passwords. IB's username policy actually makes this less of a problem since you can't choose your own username. So even if you reused a leaked password an attacker still probably doesn't know your username. Losing your phone is very unlikely since people are very protective of them. Is it possible to bypass 2FA? Yes, if you've been specifically targeted by hackers and they have the ability to sniff your smartphone data. In other words, it's very hard and very unlikely. IP restrictions are fine except for when you're traveling and want to trade.
Thank you. I don't use my phone for 2FA. I use digital security card. I hope it is safer than using my smartphone.