Security considerations following SLS opt out

Übersicht: 

Account holders who have elected to opt out of IBKR's Secure Login System (SLS) effectively relinquish the protections afforded by Two-Factor Authentication. They are strongly encouraged to utilize alternative security measures, with one of those being the IP Restrictions. By selecting this setting through Client Portal, you're telling Interactive Brokers that you only want access to your trading platforms from a specified IP address. In addition, should you have multiple authorized traders for a given account, these restrictions can be set at the individual trader level by the master user of the account. 

 

Preliminary checklist:

Before setting up the IP Restrictions, you will need to:

  • Know your WAN IP Address. That is the IP address exposed on the external (Internet) side of your network and it is different from your local IP address (called as well LAN IP address). If you trade from a company office, you can ask your IT or Networking department for the WAN IP address of your computer. If you connect to the Internet through a private broadband/cable/satellite connection you can get this information from your ISP (Internet Service Provider).
  • Make sure that your IP address is static. This means your IP address will always remain the same, and will not change upon router/modem reboot or after a certain time period. The same entities which provided you with the WAN IP address, can as well clarify whether it is a static or dynamic one.
  • Be aware that IP Restrictions are not effective immediately. Our systems apply the filters during their daily overnight restart. It can take up to 24 hours until they are active, depending on the time you submit your IP Restrictions request. The same applies when you modify or remove existing IP Restrictions. Please be sure to consider this when you are planning your course of action.
  • The IP Restrictions will be applied to ALL Trading Platforms offered by IBKR. It will not affect Client Portal access, which will remain accessible from any IP address.

Note:

Please take note that the technical ability to misrepresent one's IP address exists, and full account protection is only ensured by using SLS Two-Factor Authentication (ibkr.com/sls).

If you have any questions on the topic, please feel free to contact IBKR's Technical Assistance Center.

How to set the IP Restrictions:

  1. Login to Client Portal and click the menu icon in the top-left corner.
  2. From the left side menu, click on Settings, then on User Settings. Then click on the wheel (configure) icon next to IP Restrictions.
  3. You will see a brief description of the effects of IP Restrictions. To set up a new IP Restriction, click on Add IP Restriction.
  4. Select the Trader from the drop-down list and enter the IP Address (in the format xxx.xxx.xxx.xxx) you want to allow for him. Then click on Continue.
  5. If you logged into Client Portal without using the Two-Factor Authentication, you will now receive an email1 containing a Confirmation Number. Enter it in the Confirmation Number field. Once done, click on Continue to submit the request. If you logged in to the Client Portal using a security device, please proceed directly to point 6.
  6. If the operation completed successfully, you will see a confirmation screen. Click OK.
  7. The system will now list your active IP Address restrictions. Should you want to create an additional one, click again on Add IP Restriction, otherwise navigate away from this section

 

Opt-out and IP Restrictions for Penny Stocks traders:

Clients who have elected to perform an opt-out, thus using the Two-Factor Authentication only for the Client Portal, must activate the IP Restrictions in order to be able to activate Penny Stocks Trading Permissions.


Additional best practices for securing your computer and your network

  • When logging into the TWS, activate the checkbox “Use SSL” on the login screen. SSL (Secure Socket Layer) guarantees that all the information exchanged between your computer and our servers is protected using 128-bit encryption.
  • Use a firewall to prevent unauthorized access to the services exposed by your network or/and computer. During the firewall set-up, please make sure you authorize the host/ports listed in section DESKTOP TWS of KB2816.
  • Use antivirus software to identify and eliminate viruses which might have infected your computer.  As new viruses are constantly being created, you need to update the threats database of your antivirus software regularly.
  • Use anti-malware software to detect and remove spyware/malware programs which can collect various types of personal information, monitor your browsing activity and interfere with the control of your computer. Nowadays many antivirus solutions include a built-in anti-malware protection.
  • Refrain from using wireless connections (Wi-fi) which are public, unsecured or not operated by you. If the use of a unsecured network (e.g. public Wi-Fi hotspot) becomes necessary, do not log into any financial institution account you may have, including your IBKR account.

 

Notes:
1. If you have not received the email, please make sure it did not land in the Spam/Junk folder of your mailbox and possibly add the email addresses donotreply@interactivebrokers.com and help@interactivebrokers.com to the trusted senders list. You can then request a new email to be sent to you with the button Resend Confirmation Number.

 

Troubleshooting Client Portal Login Failures

Click on the link below which best describes your situation:

  1. Receiving “Invalid user name password combination” message
  2. Receiving “Login Failed” message upon entering security device values
  3. I’ve forgotten my user name and/or password
  4. I’m temporarily without possession of my security device
  5. My security device has been lost or damaged
  6. I’ve been issued a temporary passcode which has expired
  7. I’ve been issued an online security card which has expired
  8. I’m awaiting delivery of my physical security device and can now no longer log into my account
  9. I am able to log into Client Portal with my temporary passcode but not the trading platform
  10. I am in possession of my security device and wish to activate it
  11. Receiving “BAD CHARACTER” message after entering my user name

IMPORTANT NOTE: If you are unable to resolve your account access issue from the information above, please contact your local Client Services Center.  Also note that for security purposes, all requests for login assistance must be initiated via telephone as it requires prior verification of the account holder's identity. A listing of Client Services Centers, contact numbers and hours of operations may be found via the following website link: ibkr.com/support

 

 

1. Receiving “Invalid user name password combination” message.

Make sure that the Caps Lock key is not on as user name is case sensitive and is required to be input in lower case format.

IMPORTANT SECURITY NOTICE: If an account experiences 10 consecutive failed Client Portal login attempts within any 24-hour period, it will be locked out from login regardless of subsequent attempts using the correct user name and password combination. This lock out, intended as a security measure to prevent hackers from random attempts to guess the password, will remain in force until 24 hours have passed since the last unsuccessful log in attempt.

If you believe that your account has or is about to be been locked due to consecutive failed login attempts, you will need to contact to contact your regional Client Services Center via telephone for assistance. Note that assistance for log in matters is only provided via telephone and after the identity of the account holder has been verified.

...Top

 

 

2. Receiving “Login failed” message upon entering security device values

a. If operating with a temporary passcode, note that alpha characters are case sensitive and are required to be input in upper case format

b. If operating a security card or electronic device, note that there are no spaces between characters

...Top

 

 

3. I’ve forgotten my user name and/or password

For security purposes, all requests for assistance with a user name and/or password must be initiated via telephone and require prior verification of the account holder’s identity. Requests are to be directed to one of the regional Client Services Center. 

...Top

 

 

4. I’m temporarily without possession of my security device

If you are temporarily without possession of your security device, interim access may be provided by contacting your regional Client Services Center via telephone where, once your identity has been verified, you will be provided with a temporary passcode.

The temporary passcode is a static alpha-numeric code which replaces the randomly generated code provided through your security device and which will provide full access to Client Portal and the trading platforms for 2 days. Should a lengthier period of interim access be necessary, and to obtain enhanced protection, it is recommended that you use the temporary passcode to log into Client Portal and print out the on-line security card which will operate as a replacement to your security device for up to 3 weeks.  

After the expiration of the temporary passcode or on-line security card, or if you regain possession of your security device beforehand, you will need to log into Client Portal and select the menu option to re-activate your security device.

...Top

 

 

5. My security device has been lost or damaged

In the case of a lost or damaged security device, you will need to contact our Client Services Center to arrange for a replacement and to provide for interim access. As the time frame for shipping a replacement device may range form 3 to 14 days depending upon your country of residence, interim access is provided via an on-line security card. The on-line security card may be retrieved for printing or saving as an image to your desktop once a temporary passcode has been provided for Client Portal access.

...Top

 

 

6. I’ve been issued a temporary passcode which has expired

The temporary passcode is intended to provide full access to both Client Portal and the trading platforms for a period of 2 days. After 2 days, the temporary passcode may no longer be used to access the trading platforms but may be used to access Client Portal for an additional period of 10 days. The Client Portal access, however, is limited solely for the purpose of printing or saving the on-line security card.  

If your window of access to Client Portal using the temporary passcode remains, you may print or save the on-line security card through which full access to both Client Portal and the trading platforms is provided for a period of 21 days. If you are unable to log into Client Portal, you will need to contact your regional Client Services Center for assistance.

...Top

 

 

7. I’ve been issued an online security card which has expired

The on-line security card is intended to provide full access to both Client Portal and the trading platforms for a period of 21 days. This time frame, while limited, is intended to provide sufficient opportunity for the account holder to either regain possession of a temporarily unavailable security device or request and receive a replacement device.

If you are unable to log in using the on-line security card, you will need to contact your regional Client Services Center for assistance and to provide information as to the status of your permanent security device.

...Top

 

 

8. I’m awaiting delivery of my physical security device and can now no longer log into my account

Depending upon your location, the physical security device should be delivered to the address of record on your account within 2 days in the case of US residents and within 2 weeks for all other accounts. It’s important to note that the permanent devices are set to automatically activate after a set timeframe if not yet manually activated by the account holder. If this is the case and you encounter difficulties logging into your account, please contact our Technical Assistance Department at 1-877-442-2757.

...Top

 

 

9. I am able to log into Client Portal with my temporary passcode but not the trading platform.

If your window of access to Client Portal using the temporary passcode remains, you may print or save the on-line security card through which full access to both Client Portal and the trading platforms is provided for a period of 21 days.

If you are unable to log into Client Portal, you will need to contact your regional Client Services Center for assistance.

...Top 

 


10. I am in possession of my security device and wish to activate it.

To activate either a replacement device or one which was temporarily unavailable and which required issuance of a temporary passcode, you will need to log into Client Portal and select the reactivate security device menu option. Once reactivated, neither the temporary passcode nor on-line security card will remain operable.

...Top

 

 

11. Receiving “BAD CHARACTER” message after entering my user name.

Re-enter your user name and make sure that you do not include any spaces or characters which are not either alpha or numeric (e.g. !@#$%^&*(.,”:...etc.).

...Top

Overview of Secure Login System

Table of contents

 

The security of your assets and personal information is of utmost concern to us and we are committed to taking the steps necessary to ensure you are protected from the moment you open your account.  

To provide you with the highest level of security, Interactive Brokers has implemented a Secure Login System (SLS) through which access to your account is subject to Two-Factor Authentication.
 
Two-Factor Authentication serves to confirm your identity at the point of login using two security elements: 1) Something you know (your username and password combination); and 2) Something you have (an IBKR issued security device which generates a random, single-use security code). As both knowledge of your username/password and physical possession of the security device are required to login to your account, participation in the Secure Login System virtually eliminates the possibility of anyone other than you accessing your account.
 
 

Benefits of Enrollment

The principal benefit of SLS enrollment is to protect your account from unauthorized access. There is no fee associated with enrollment and participants have the added benefits of:
  1. Higher withdrawals thresholds over both single and five day rolling periods.
  2. Ability to change your banking instructions and email address without contact from a member of our Security Team.
  3. Ability to effect ACH & EFT funding transactions beyond an initial USD 20,000 account funding transaction.
  4. The ability to share a single device among multiple usernames registered to the same individual.
 
 

How to Enroll

Enrollment is easy. If you are a new applicant, you will be asked to confirm your mobile phone number to continue. This will enable two-factor security through SMS mobile phone messaging. IBKR will send you a one-time passcode upon login.
The SMS mobile two-factor authentication is temporary and will be removed once you activate the IBKR Mobile Authentication (IB Key), as explained in IB Knowledge Base article KB2260.
If you are a new or existing Client with equity above $500,000 you may request a Digital Secure Card+ (DSC+) as a complementary device to your IBKR Mobile Authentication, as explained here. Once you have received your DSC+ device, log in to Client Portal and follow the instructions here to activate it.
Once your security device or digital security app is activated, each time you log in to Client Portal, TWS or IBKR Mobile, you will be required to enter two authentication factors – your username and password combination and the security code generated by your device. When you successfully log in, your account will be secured with full perimeter coverage, protecting both your cash and positions from unauthorized access."

 

 
 

Lost, Damaged or Temporarily Unavailable Device

In the case of a lost, damaged or temporarily unavailable security device, you will need to contact your regional Client Service Center via telephone to arrange for a replacement and/or to provide for interim access. Once your identity has been verified you will be provided a temporary passcode (i.e., a static alpha-numeric code which replaces the random code supplied by your security device) that will allow you to log into Client Portal and print the on-line security card. The on-line card will provide interim access for up to 21 days, sufficient time for a replacement device to be shipped or, should your device be temporarily unavailable, time to regain possession of it. See KB1943 for instructions on requesting a replacement device.
 
Alternatively, if your mobile phone number has already been verified with IBKR, you can activate the IBKR Mobile app and its IB Key authentication to provide your account with an immediate two-factor protection.
 
 
 

Types of Devices

IBKR provides a range of security devices, each tailored to meet the portability and security needs of your particular account. 
  1. SMS - A quick and easy way to complete the Two-Factor Authentication through text messages (SMS) sent to your mobile phone number.
  2. IBKR Mobile (IB Key) – An all-in-one mobile app offering a convenient digital solution for your Two-Factor Authentication needs.  The IB Key protocol found within the app supports both fingerprint/facial recognition and PIN configuration1 and is available for download on both Android phones and iPhones.
  3. Digital Security Card+ - For accounts with an equity of 500K USD or equivalent. It has the same size and shape of a credit card and it is electronic, requiring the user to enter a PIN code as an additional layer of protection.
Note:
For iPhone users you must have either Touch ID, Face ID, or Passcode enabled (refer to: Set up Touch ID or Set up Face ID for directions). Touch ID or Face ID is the recommended choice.  PIN/Passcode supports up to 12 hours of trading access while fingerprint/facial recognition allows for 30+ hours as long as you authenticate at least once during this time period. Please see further details mentioned in our User's guide for Extended Trading Access.
 

 

Withdrawal Limits

Clients who participate in the Secure Login System enjoy enhanced withdrawal capabilities, while clients who do not participate are subject to daily and weekly withdrawal restrictions. The amount that a participating client may withdraw or transfer over a given one- or five-day period increases commensurate with the protective value of the device and is outlined in the table below.

Security Device Maximum Withdrawal per Day Maximum Withdrawal in 5 Business Days
None 50K USD 100K USD
SMS 200K USD 600K USD
IB Key 200K USD 600K USD
Security Code Card* 200K USD 600K USD
Digital Security Card* 1M USD 1.5M USD
Digital Security Card+ Unlimited Unlimited
Platinum*/Gold* Unlimited Unlimited
Note: * Represents a legacy device no longer being issued.
 

Back to top

 

Additional Information 

See KB2636 for information and procedures related to Security Devices.
See KB2277 for complete details on IBKR Mobile Authentication (IB Key) for Android.
See KB2278 for complete details on IBKR Mobile Authentication (IB Key) for iOS.
 
 
 

 

Use cases where assistance with system access is required

Übersicht: 

Please click on the use case below which best describes your login issue for guidance as to how to proceed:

I. No Access to Account Management or TWS

1. I forgot my User Name and/or password

2. I am temporarily without possession of my security device

3. My security device is lost or damaged

4. My temporary passcode has expired

5. My on-line security card has expired

 

II. Partial Access (Account Management only)

1. I am able to log into Account Management with my temporary passcode but not the trading platform

 

III. Full Access to both Account Management and TWS

1. I am in possession of my security device and wish to activate it.

 

 

 

 

 

 


  1. I forgot my User Name and/or password

For security purposes, all requests for assistance with a User Name and/or password must be initiated via telephone and require prior verification of the caller’s identity. Click here for a list of IB’s regional Customer Service center contact numbers.

 

  1. I am temporarily without possession of my security device

If you are temporarily without possession of your security device, interim access may be provided by contacting your regional Customer Service center via telephone where, once your identity has been verified, you will be provided with a temporary passcode.   

This temporary passcode is a static alpha-numeric code which replaces the random code supplied by your security device and which will provide full access to both Account Management and the trading platforms for 2 days.  Should a lengthier period of interim access be necessary and to obtain enhanced protection, it is recommended that you use the temporary passcode to log into Account Management and print out the on-line security card which will operate as a replacement to your security device for up to 3 weeks.   

After the expiration of the temporary passcode or on-line security card, or if you regain possession of your security device beforehand, you will need to log into Account Management and select the menu option to re-activate your security device.

 

  1. My security device is lost or damaged

In the case of a lost or damaged security device, you will need to contact our Customer Service center to arrange for a replacement and to provide for interim access. As the time frame for shipping a replacement device may range form 3 to 14 days depending upon your country of residence, interim access is provided via an on-line security card. The on-line security card may be retrieved for printing or saving as an image to your desktop once a temporary passcode has been provided for Account Management access.

 

  1. My temporary passcode has expired

The temporary passcode is intended to provide full access to both Account Management and the trading platforms for a period of 2 days.  After 2 days, the temporary passcode may no longer be used to access the trading platforms but may be used to access Account Management for an additional period of 10 days.  The Account Management access, however, is limited solely for the purpose of printing or saving the on-line security card.   

If your window of access to Account Management using the temporary passcode remains, you may print or save the on-line security card through which full access to both Account Management and the trading platforms is provided for a period of 21 days. If you are unable to log into Account Management, you will need to contact your regional Customer Service center for assistance.

 

  1. My on-line security card has expired

The on-line security card is intended to provide full access to both Account Management and the trading platforms for a period of 21 days. This time frame, while limited, is intended to provide sufficient opportunity for the account holder to either regain possession of a temporarily unavailable security device or request and receive a replacement device. 

If you are unable to log in using the on-line security card, you will need to contact your regional Customer Service center for assistance and to provide information as to the status of your permanent security device.

 


 

  1. I am able to log into Account Management with my temporary passcode but not the trading platform

If your window of access to Account Management using the temporary passcode remains, you may print or save the on-line security card through which full access to both Account Management and the trading platforms is provided for a period of 21 days. 

If you are unable to log into Account Management, you will need to contact your regional Customer Service center for assistance.

 


  1. I am in possession of my security device and wish to activate it.

To activate either a replacement device or one which was temporarily unavailable and which required issuance of a temporary passcode, you will need to log into Account Management and select the reactivate security device menu option.  Once reactivated, neither the temporary passcode nor on-line security card will remain operable.

 

How to change the PIN of your Secure Login Device

Background: 

Interactive Brokers recommends that you change your PIN regularly to add an extra layer of security.

NOTE: If you do not know your current PIN, you would need to call Interactive Brokers directly to have it reset. Please use any of the phone numbers listed under: ibkr.com/support

Below you will find the procedure for changing the PIN code of your Security Device, according to the device type you are currently using:

 

 

Digital Security Card Plus (DSC+)

      

The PIN of the DSC+ has to be changed from the Client Portal page, following the steps below:

  1. Log into Client Portal using your security device and click the Menu icon in the top-left.
  2. Select the menu options Settings --> User Settings --> Secure Login System
  3. Click on the wheel (Configure)
  4. Click the i (Information) icon next to your active DSC+
  5. Click on Change PIN in the lower right of the pop up
  6. Enter the new PIN you would like to use and confirm it. A Challenge Code will be displayed. Operate your DSC+ with the Challenge Code and your new PIN in order to generate a Response code. Enter it into the Passcode field and click Continue
  1. If the new PIN has been accepted by the system, you will see to a confirmation page. Click OK on the bottom right to complete the procedure. 

Back to top

 

IBKR Mobile for Android Users

 

Open the IBKR Mobile App.

  1. Tap the Services button in te upper-left corner
    IB Key, tap Menu icon in top-right corner
  2. Tap the button Authenticate
    IB Key, tap Change PIN
  3. Tap Change PIN. Some phones may require you to scroll down to see the option.
    IB Key, enter Current PIN, New PIN and Repeat New PIN     IB Key, tap Submit
  4. Enter your username, password, current PIN, and your new PIN twice. Click Submit. Some phones may require you to scroll down to see all the items.
    IB Key, wait till you receive text message with SMS Code     IB Key, enter SMS Code and tap Submit Pin Change
  5. The PIN has been successfully changed. Tap on Done.
    IB Key, PIN change successfully processed, tap Go to start page

Once the PIN has been successfully changed, you can close the IBKR Mobile app and log in to Client Portal or to your trading platform using the new PIN. 

Back to top

 

How long does a Temporary Security Code last?

IBKR will issue a temporary passcode to Secure Login System participants in the event their security device has been misplaced, lost or damaged.  The temporary passcode is intended to provide full access to both Client Portal and trading platforms for a period of 2 days. After 2 days, the temporary passcode may no longer be used to access the trading platforms but may be used to access Client Portal for an additional period of 10 days. Client Portal access, however, is limited solely for the purpose of printing or saving the Online Security Code Card.

The Online Security Code Card, in contrast, has a lifespan of 21 days, providing the account holder with an opportunity to locate the misplaced device or have continuous access in case the device is lost or damaged, and needs replacement. Account holders who remain without their physical security device and who are unable to log in using either the temporary passcode or Online Security Code Card will need to contact Client Services (ibkr.com/support) in order access their account.

The quickest solution to restore permanent access to your account, is to install and activate the IBKR Mobile authentication with IB Key. Details about the instant activation of the smartphone app can be found here.

IMPORTANT NOTICE

As a matter of policy, IBKR will not issue consecutive temporary passcodes to a given account, but rather will act to restore the account protection to the most secure level, which is provided by a physical security device.

 

References
  • See KB70 for instruction for requesting a Temporary Passcode
  • See KB1131 for an overview of the Secure Login System
  • See KB2636 for information and procedures related to Security Devices
  • See KB2481 for instructions about sharing the Security Login Device between two or more users
  • See KB2545 for instructions on how to opt back in to the Secure Login System
  • See KB975 for instructions on how to return your security device to IBKR
  • See KB2260 for instructions on activating the IB Key authentication via IBKR Mobile
  • See KB2895 for information about Multiple 2Factor System (M2FS)
  • See KB1861 for information about charges or expenses associated with the security devices

 

Syndicate content