Best Security Practices for Clients

Overview:

We go to great lengths to keep client accounts secure. This document provides recommendations to safely operate and maintain your trading operations with us.

  • Regularly check your account balances and positions through TWS and the daily statements available in Client Portal.

  • Immediately report anything suspicious by contacting Client Services through any real-time method (Live Chat or Phone Call) listed under ibkr.com/support.

  • In the event that we detect unusual or suspicious activity, being able to contact you is essential.

  • Accordingly, you should always ensure that the contact information you have provided (e.g. telephone numbers, email address) is always accurate.

    • To update your contact information, log in to our Client Portal. From the main menu, select Settings > User Settings and go to the Communication panel.

  • Lock your computer if you're leaving it for a period of time by setting up a password protected screensaver. Always turn off your computer when you have finished using it. This recommendation is imperative for mobile computers and highly recommended for shared machines.

  • Avoid accessing your brokerage account from public computers. Some of those may have been targeted by hackers and have a keystroke-capture software. If you must use a public computer, remember the following:

    • Use the virtual keyboard on the login window to avoid having your keystrokes captured.

    • Log out after accessing your account.

    • Never leave the computer unattended while logged in.

    • Clear the browser cache after logoff so that no sensitive information remains stored on the computer.

  • Regularly check for security updates and patches for your operating system and use the most current version of your browser.

  • Create separate profiles (user/password protected) if your computer is shared with a third party.

  • Do NOT share personally identifiable information like your SSN, Credit Card number when answering an unsolicited email, phone call, text message, or instant message. In case of a doubt, ask for a name and a callback number, as well as an internal reference number for the communication.

  • Do not share files unless it's absolutely necessary. It's a smart idea to disable the file and printer sharing features, but if you decide to use these, make sure that you configure the access permissions with strong passwords, and only share for specific users.

  • Consider the encryption of your email communication:

    • It's important since it protects you from a data breach, and from the hacker to read your messages (the hacker won't have access to the information).

    • Either configure your email settings to encrypt your messages, or use an end-to-end encrypted email service (e.g. ProtonMail).

  • Beware of phishing - phishers try to trick you into clicking on a link that may result in a security breach. Make sure that for sensitive information and login, you mouse over links and/or verify the website's address in your browser's address bar.

  • We recommend that you use a pop-up blocker (sometimes integrated in your browser) and set its security filter to the highest possible level. Then either add our website to your list of "trusted" sites, or disable your pop-up blocker while using our website.

  • Use email safely, and delete without opening messages that don't originate from a trusted source as they may contain harmful attachments or links, or may be an attempt to fraudulently obtain sensitive information. Turn off the "preview pane" in your email system as this function can allow some viruses to be executed even if you never open the email. Make sure that you add to your address book our email addresses.

  • Use the maximum characters available and avoid simple or duplicate alphabetic and numeric sequences or passwords containing personal information.

  • Do NOT share your password with anyone.

  • Change your password frequently and do not use the same password for multiple systems.

  • Do not leave notes on your monitor, keyboard, desk or drawer to help you remember your passwords.

  • Use a password manager to store your passwords. This software will not only allow you to generate complex passwords, but as well to store them securely.

  • The Secure Login System provides an extra layer of security to your account at no charge through the use of a free physical security device or IBKR Mobile Authentication. The enrollment in our SLS program is mandatory.

  • We offer the following solutions:

    • SMS (automatic enrollment at account opening).

    • IB Key Authentication via IBKR Mobile (available to all our clients - requires a smartphone).

    • Digital Security Card + (available to accounts with a balance greater than 500K USD).

  • We support multi-2FA, meaning whenever possible, we recommend users who have an active DSC+ to also activate IB Key on their smartphone.

  • Click here for an Overview of our SLS Program

  • Click here for an details on IBKR Mobile Authentication

  • To prevent the login to your account from an unauthorized computer, enable IP Restrictions via the Client Portal.

  • With IP Restrictions active, login to your account on any of our platforms (Client Portal, TWS and IBKR Mobile) will only be permitted if the device you are using is connected to the IP address(es) you've previously designated.

  • Click here for further instructions on IP Restrictions