Security considerations following SLS opt out

Overview: 

Account holders who have elected to opt out of IBKR's Secure Login System (SLS) effectively relinquish the protections afforded by Two-Factor Authentication. They are strongly encouraged to utilize alternative security measures, with one of those being the IP Restrictions. By selecting this setting through Client Portal, you're telling Interactive Brokers that you only want access to your trading platforms from a specified IP address. In addition, should you have multiple authorized traders for a given account, these restrictions can be set at the individual trader level by the master user of the account. 

 

Preliminary checklist:

Before setting up the IP Restrictions, you will need to:

  • Know your WAN IP Address. That is the IP address exposed on the external (Internet) side of your network and it is different from your local IP address (called as well LAN IP address). If you trade from a company office, you can ask your IT or Networking department for the WAN IP address of your computer. If you connect to the Internet through a private broadband/cable/satellite connection you can get this information from your ISP (Internet Service Provider).
  • Make sure that your IP address is static. This means your IP address will always remain the same, and will not change upon router/modem reboot or after a certain time period. The same entities which provided you with the WAN IP address, can as well clarify whether it is a static or dynamic one.
  • Be aware that IP Restrictions are not effective immediately. Our systems apply the filters during their daily overnight restart. It can take up to 24 hours until they are active, depending on the time you submit your IP Restrictions request. The same applies when you modify or remove existing IP Restrictions. Please be sure to consider this when you are planning your course of action.
  • The IP Restrictions will be applied to ALL Trading Platforms offered by IB. It will not affect Client Portal access, which will remain accessible from any IP address.

Note:

Please take note that the technical ability to misrepresent one's IP address exists, and full account protection is only ensured by using SLS Two-Factor Authentication (ibkr.com/sls).

If you have any questions on the topic, please feel free to contact IB's Technical Assistance Center.

How to set the IP Restrictions:

  1. Login to Client Portal and click the menu icon in the top-left corner.
  2. From the left side menu, click on Settings, then on User Settings. Then click on the wheel (configure) icon next to IP Restrictions.
  3. You will see a brief description of the effects of IP Restrictions. To set up a new IP Restriction, click on Add IP Restriction.
  4. Select the Trader from the drop-down list and enter the IP Address (in the format xxx.xxx.xxx.xxx) you want to allow for him. Then click on Continue.
  5. If you logged into Client Portal without using the Two-Factor Authentication, you will now receive an email1 containing a Confirmation Number. Enter it in the Confirmation Number field. Once done, click on Continue to submit the request. If you logged in to the Account Management using a security device, please proceed directly to point 5.
  6. If the operation completed successfully, you will see a confirmation screen. Click OK.
  7. The system will now list your active IP Address restrictions. Should you want to create an additional one, click again on Add IP Restriction, otherwise navigate away from this section

 

Opt-out and IP Restrictions for Penny Stocks traders:

Clients who have elected to perform an opt-out, thus using the Two-Factor Authentication only for the Client Portal, must activate the IP Restrictions in order to be able to activate Penny Stocks Trading Permissions.


Additional best practices for securing your computer and your network

  • When logging into the TWS, activate the checkbox “Use SSL” on the login screen. SSL (Secure Socket Layer) guarantees that all the information exchanged between your computer and our servers is protected using 128-bit encryption.
  • Use a firewall to prevent unauthorized access to the services exposed by your network or/and computer. During the firewall set-up, please make sure you authorize the host/ports listed in section DESKTOP TWS of KB2816.
  • Use antivirus software to identify and eliminate viruses which might have infected your computer.  As new viruses are constantly being created, you need to update the threats database of your antivirus software regularly.
  • Use anti-malware software to detect and remove spyware/malware programs which can collect various types of personal information, monitor your browsing activity and interfere with the control of your computer. Nowadays many antivirus solutions include a built-in anti-malware protection.
  • Refrain from using wireless connections (Wi-fi) which are public, unsecured or not operated by you. If the use of a unsecured network (e.g. public Wi-Fi hotspot) becomes necessary, do not log into any financial institution account you may have, including your IB account.

 

Notes:
1. If you have not received the email, please make sure it did not land in the Spam/Junk folder of your mailbox and possibly add the email addresses donotreply@interactivebrokers.com and help@interactivebrokers.com to the trusted senders list. You can then request a new email to be sent to you with the button Resend Confirmation Number.