Best Security Practices for IBKR Clients

Overview: 

IBKR goes to great lengths to keep client accounts secure. This document provides recommendations to safely operate and maintain your trading operations with Interactive Brokers.

 

Table of Contents

  1. Monitor your account
  2. Maintain Accurate Account Information
  3. Employ Safe Computing Practices
  4. Protect your Data
  5. Handle with caution pop-ups, unknown emails, and links
  6. Handle passwords securely
  7. Mandatory Secure Login System (SLS)
  8. IP Restrictions 

 

 

1. Monitor your account

  • Regularly check your account balances and positions through TWS and the daily statements available in Client Portal.
  • Immediately report anything suspicious by contacting Client Services through any real-time method (Live Chat or Phone Call) listed under ibkr.com/support.

 

2. Maintain Accurate Account Information

  • In the event that we detect unusual or suspicious activity, being able to contact you is essential.
  • Accordingly, you should ensure that the contact information you have provided (e.g. telephone numbers, email address) is always accurate.
    • To update your contact information, log in to our Client Portal. From the main menu, select Settings > User Settings and go to the Communication panel.

 

3. Employ Safe Computing Practices

  • Lock your computer if you're leaving it for a period of time by setting up a password-protected screensaver. Always turn off your computer when you have finished using it. This recommendation is imperative for mobile computers and highly recommended for shared machines.
  • Avoid accessing your brokerage account from public computers. Some of them may have been targeted by hackers and may have keystroke-capture software installed. If you must use a public computer, remember the following:
    • Use the virtual keyboard on the login window to avoid having your keystrokes captured.
    • Log out after accessing your account.
    • Never leave the computer unattended while logged in.
    • Clear the browser cache after logoff so that no sensitive information remains stored on the computer.
  • Regularly check for security updates and patches for your operating system and use the most current version of your browser.
  • Create separate profiles (user/password protected) if your computer is shared with a third party.

 

4. Protect your Data

  • Do NOT share personally identifiable information such as your SSN or credit card number when answering an unsolicited email, phone call, text message, or instant message. If in doubt, ask for a name and a callback number, as well as an internal reference number for the communication.
  • Do not share files unless it's absolutely necessary. It's a smart idea to disable the file and printer sharing features, but if you decide to use them, make sure that you configure the access permissions with strong passwords and share only with specific users.
  • Consider the encryption of your email communication:
    • This is important because it protects you in the event of a data breach and prevents an attacker from reading your messages.
    • Either configure your email settings to encrypt your messages, or use an end-to-end encrypted email service (e.g. ProtonMail).

5. Handle with caution pop-ups, unknown emails, and links

  • Beware of phishing: phishers try to trick you into clicking on a link that may result in a security breach. Before entering sensitive information or logging in, mouse over links and/or verify the website's address in your browser's address bar.
  • We recommend that you use a pop-up blocker (sometimes integrated in your browser) and set its security filter to the highest possible level. Then either add the IBKR website to your list of "trusted" sites, or disable your pop-up blocker while using our website.
  • Use email safely. Delete, without opening them, messages that don't originate from a trusted source, as they may contain harmful attachments or links, or may be an attempt to fraudulently obtain sensitive information. Turn off the "preview pane" in your email system, as this function can allow some viruses to be executed even if you never open the email. Make sure that you add the IBKR email addresses to your address book.

 

6. Handle passwords securely

  • Use the maximum number of characters available and avoid simple or duplicate alphabetic and numeric sequences or passwords containing personal information.
  • Do NOT share your password with anyone.
  • Change your password frequently and do not use the same password for multiple systems.
  • Do not leave notes on your monitor, keyboard, desk or drawer to help you remember your passwords.
  • Use a password manager to store your passwords. This software will allow you not only to generate complex passwords, but also to store them securely.

 

7. Mandatory Secure Login System (SLS)

  • The Secure Login System provides an extra layer of security to your IBKR account at no charge through the use of a free physical security device or IBKR Mobile Authentication. The enrollment in our SLS program is mandatory.
  • IBKR offers the following solutions:
    • SMS (automatic enrollment at account opening).
    • IB Key Authentication via IBKR Mobile (available to all our clients - requires a smartphone).
    • Digital Security Card+ (available to accounts with a balance greater than 500K USD).
  • We support multi-2FA: whenever possible, we recommend that users who have an active DSC+ also activate IB Key on their smartphone.
  • For an overview of our SLS Program, see KB 1131.
  • For details on IBKR Mobile Authentication, see KB 2260.

 

8. IP Restrictions

  • To prevent the login to your IBKR account from an unauthorized computer, enable IP Restrictions via the Client Portal.
  • With IP Restrictions active, login to your account on any of our platforms (Client Portal, TWS and IBKR Mobile) will only be permitted if the device you are using connects from the IP address(es) you've previously designated.

 

How to add a user to an existing IB Key instance - iOS

Overview: 

This page covers the steps required to add a user to the Authentication section in the IBKR Mobile app for iOS devices.

 

Requirements:
  • The IBKR Mobile app must be installed and IB Key Authentication already activated on this iOS device.
  • For more information on the installation and activation on iOS devices, please refer to KB2278.

 

Instructions:

1. On your iOS device, open the IBKR Mobile app.

     1.a. If the app opens with the login screen (Figure 1), tap on Services on the top-left corner (red arrow) and proceed with step 2.

     1.b. If the app opens with your Home Page, Portfolio, Watchlists, or similar, tap on More on the bottom-right corner (Figure 2). Then tap on Two-Factor Authentication (Figure 3), followed by Add User (Figure 4) and proceed with step 3.

Figure 1. Figure 2. Figure 3. Figure 4.

2. Tap on Authenticate (Figure 5) and then on Add User (Figure 6).

Figure 5. Figure 6.

    

 

3. Read the instructions and then tap on Continue (Figure 7).

Figure 7.

4. Enter your Username and Password, and then tap on Continue (Figure 8).

Figure 8.

5. An Authentication Code will be sent via SMS to the mobile phone number listed on your account (Figure 9). Enter this Authentication Code in the Activation Code field and tap on Activate (Figure 10).

Figure 9. Figure 10.

6. Depending on your smartphone's security settings, you will be asked to use your Passcode, Touch ID, or Face ID (Figure 11).

Figure 11.

7. If the activation has been successful, you will see a confirmation screen. Finally, tap on Done to complete the procedure (Figure 12).

Figure 12.

How to add a user to an existing IB Key instance - Android

Overview: 

This page covers the steps required to add a user to the Authentication section in the IBKR Mobile app for Android devices. 

 

Requirements:
  • The IBKR Mobile app must be installed and IB Key Authentication already activated on this Android device.
  • For more information on the installation and activation on Android devices, please consult KB2270.

 

Instructions:

1. On your Android device, open the IBKR Mobile app.

     1.a. If the app opens with the login screen (Figure 1), tap on Services on the top-left corner (red arrow) and proceed with step 2.

     1.b. If the app opens with your Home Page, Portfolio, Watchlists, or similar, tap on More on the top-left corner (Figure 2). Then tap on Two-Factor Authentication (Figure 3), followed by Add User (Figure 4) and proceed with step 3.

Figure 1. Figure 2. Figure 3. Figure 4.

2. Tap on Authenticate (Figure 5) and then on Add User (Figure 6).

Figure 5. Figure 6.

         

3. Read the instructions and then tap on Continue (Figure 7).

Figure 7.

4. Enter your Username and Password, then tap on Continue (Figure 8). 

Figure 8.

5. An Authentication Code will be sent via SMS to the mobile phone number listed on your account (Figure 9). Enter this Authentication Code in the Activation Code field and tap on Send (Figure 10).

Figure 9. Figure 10.

      

6. Provide your PIN then tap on Activate (Figure 11).

Figure 11.

7. If the activation has been successful, you will see a confirmation screen. Finally, tap on Done to complete the procedure (Figure 12).

Figure 12.

How to verify your identity using your Secure Login Device

Overview: 

Some tasks in Client Portal will ask you to verify your identity by using the Challenge Code/Response String method in order to proceed further.

This article will guide you in completing these tasks with the following Secure Login Devices:

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Verify your identity with IB Key (iOS)

1. When you initiate a task that requires a verification, you will be prompted to enter Username and Password. Fill out the information and click on Continue (Figure 1).

Figure 1.

2. A Challenge Code will be displayed, along with a passcode field to enter a response (Figure 2). You will enter this Challenge Code into your phone.

Figure 2.

3. Launch IBKR Mobile on your iOS smartphone, and...

     3.a. If the app opens with the home screen (Figure 3), select Authenticate then proceed with step 4.

     3.b. If the app opens with the login screen (Figure 4), tap Services on the top left (red arrow), select Authenticate (Figure 3) and proceed with step 4.

     3.c. If the app opens with your Home Page, Portfolio, Watchlists, or similar (Figure 5), tap More on the bottom-right (red arrow). Then tap Two-Factor Authentication (Figure 6), tap Generate Code (Figure 7) and proceed with step 4.

Figure 3. Figure 4.

Figure 5. Figure 6. Figure 7.

          

4. Type the Challenge Code from Client Portal (see step 2.) into the corresponding field and select Generate Passcode (Figure 8).

Figure 8.

5. Use Touch ID or Face ID for two-factor authentication.

If Touch ID has not been activated, IB Key will prompt you to enter your smartphone's passcode. A response string will then be generated (Figure 9).

     5.1 If you use Touch ID, place your registered finger on the Home Button (Figure 9). A response string will then be generated (Figure 10).

Figure 9. Figure 10.

     5.2 If you use Face ID, look at your iOS smartphone screen (Figure 11). A response string will then be generated (Figure 12).

Figure 11. Figure 12.

6. Enter the response string from IB Key into the passcode field of Client Portal and click Continue (Figure 13).

Figure 13.

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Verify your identity with IB Key (Android)

1. When you initiate a task that requires a verification, you will be prompted to enter Username and Password. Fill out the information and click on Continue (Figure 1A).

Figure 1A.

2. A Challenge Code will be displayed, along with a passcode field to enter a response (Figure 2A). You will enter this Challenge Code into your phone.

Figure 2A.

3. Launch IBKR Mobile on your Android smartphone, and...

     3.a. If the app opens with the home screen (Figure 3A), select Authenticate then proceed with step 4.

     3.b. If the app opens with the login screen (Figure 4A), tap Services on the top left (red arrow), select Authenticate (Figure 3A) and proceed with step 4.

     3.c. If the app opens with your Home Page, Portfolio, Watchlists, or similar (Figure 5A), tap More on the bottom-right (red arrow). Then tap Two-Factor Authentication (Figure 6A), followed by Generate Response (Figure 7A), and proceed with step 4.

Figure 3A. Figure 4A.

Figure 5A. Figure 6A. Figure 7A.

         

4. Type the PIN that you set during the IB Key registration process and the Challenge Code from Client Portal into the corresponding fields, then select Generate Passcode. A response string will then be generated (Figure 8A).

Figure 8A.

5. Enter the response string from IB Key into the passcode field of Client Portal and click Continue (Figure 9A).

Figure 9A.

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Verify your identity with Digital Security Card+ (DSC+)

1. When you initiate a task that requires a verification, you will be prompted to enter Username and Password. Fill out the information and click on Continue (Figure 1B).

Figure 1B.

2. A Challenge Code will be displayed, along with a passcode field to enter a response (Figure 2B). You will enter this Challenge Code into your DSC+.

Figure 2B.

3. Turn on your DSC+ using the “press” button until 'PIN>' is displayed (Figure 3B). Enter the 4-digit PIN code you specified at the time you requested the device, then confirm with the “OK” button (Figure 4B).

Figure 3B. Figure 4B.

     

4. When 'CHALLNG>' is displayed (Figure 5B), enter the 6-digit Challenge Code from the Client Portal screen into the DSC+, then confirm with the "OK" button (Figure 6B).

Figure 5B. Figure 6B.

5. A response code will appear (Figure 7B).

Figure 7B.                                                  

6. Enter the response string from your DSC+ into the passcode field of Client Portal and click Continue (Figure 8B).

Figure 8B.

Secure Login with Digital Security Card+

Overview: 

Securely log into any IBKR application, including TWS, Client Portal or WebTrader, using IBKR's Digital Security Card+.

 

NOTE: The buttons on your security card are not touch-sensitive; they must be physically pressed.

1. When logging in to your account, enter your user name and password as usual (Point 1 of Figure 1). If successful, a 6-digit Challenge Code will appear (Point 2 of Figure 1).

Figure 1.

 

2. Turn on your device by pressing the “press” button until the 'PIN>' display appears (Figure 2), enter the 4-digit PIN code you specified at the time you requested the device, then press the “OK” button (Figure 3).

Figure 2. Figure 3.

3. When the 'CHALLNG>' display appears on the device (Figure 4), enter the 6-digit Challenge Code from the login screen (step 1.) into the device, then press the "OK" button (Figure 5).

Figure 4. Figure 5.

4. A response code will appear (Figure 6).

Figure 6.                                                          

5. Enter the 8 digits of the response code into the login screen (Figure 7). Select the Login button to proceed. If the passcode expires, start over from step 1. above.

Figure 7.                                                               

NOTE: The Security Code field will look slightly different depending on the application you are logging in to.

 

References
  • See KB1131 for an overview of the Secure Login System
  • See KB2636 for information and procedures related to Security Devices
  • See KB2481 for instructions about sharing the Security Login Device between two or more users
  • See KB2545 for instructions on how to opt back in to the Secure Login System
  • See KB975 for instructions on how to return your security device to IBKR
  • See KB2260 for instructions on activating the IB Key authentication via IBKR Mobile
  • See KB2895 for information about Multiple 2Factor System (M2FS)
  • See KB1861 for information about charges or expenses associated with the security devices
  • See KB69 for information about Temporary passcode validity

How is my IB Canada account protected?

The Canadian Investor Protection Fund (CIPF) is sponsored by the Canadian regulator (IIROC) to ensure client assets held by a Canadian investment dealer are protected if a member firm becomes insolvent. IB Canada is a member of the CIPF which offers insurance against member default for amounts up to CAD 1,000,000. Covered assets include cash, securities and commodities and will depend on the account type:

Non-registered accounts (Cash, Margin, TFSA)

1,000,000 CAD for any combination of cash, securities and commodities under all non-registered account types.
For assets held in a joint account or under a corporation, the percentage interest is added towards the same total.

Registered account (RSP)

RSP accounts are treated as a "Separate Account" and are eligible for an additional 1,000,000 CAD coverage. Additional details can be found on www.cipf.ca.

Please note, IB Canada accounts receive CIPF protection in lieu of SIPC protection.

How to use Voice callback for receiving login authentication codes

Background: 

If you have SMS enabled as your two-factor authentication method, you may use Voice callback to receive your login authentication codes. This article provides the steps for selecting Voice callback when logging in to our platforms.

 

How to use Voice callback
 
You may select Voice if you do not receive your login authentication code. You will then receive your login authentication code via an automated callback. Follow the instructions below, depending on which platform you are trying to log in to.
 

 

Client Portal

1. Click on "Didn't receive a security code?"

2. From the two options, select "Voice" and wait for the callback.

3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

 

TWS

1. Click on "Request new Security Code"

2. From the two options, select "Voice" and click on OK. Then wait for the callback.

3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

Note: Voice callback for TWS is only available in the LATEST and BETA versions.

 

IBKR Mobile - iOS

1. Click on "Request New Code"

2. From the two options, select "Voice" and wait for the callback.

3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

 

IBKR Mobile - Android

1. Click on "Request New Security Code"

2. From the two options, select "Voice" and wait for the callback.

3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

 


 

IB Key Challenge / Response method and missing notifications

In case your smartphone is unable to receive IB Key notifications, you can still complete the login process using the IB Key Challenge/Response method, described on the following pages (according to your device operating system):

The same information applies to you if your phone has no Internet connectivity (you are roaming, out of coverage, without an active mobile data plan, etc.).

If your smartphone is unable to receive IB Key notifications despite having Internet connectivity, we recommend that you perform the steps outlined in IBKB3234.

 

IBKR Mobile Two-Factor Authentication

Overview: 

IB protects your account by using two-factor authentication at login. The login process uses your account username and password together with a randomly generated code. Two-factor authentication is intended to minimize the risk of fraudulent access to your account (by hackers who obtain your password through malware or social engineering).

IB offers a number of two-factor authentication options. However, IBKR Mobile Authentication is the easiest to access and use. Some of the advantages offered by this application are listed below.

 

1. Always available:
Your smartphone travels with you at all times, so you can also use it as a secure tool for accessing your IB account.

2. Convenient:
You will not have to depend on another device. If you lose or change your mobile device, Client Services will help you get the application working again in a matter of seconds.

3. Fast activation:
It takes only a couple of minutes to download the application, and you can use it right away to authenticate and access your account.

4. No shipping, delivery or device-return issues:
You will not need to worry about delivery or return times for the device, or about dead batteries. Just download the application and it is under your control.

5. Fast, secure and hassle-free login:
When you want to log in to the trading platforms or to Account Management, you only need to enter your username and password. IBKR will send you a message and use the IB Key protocol to complete the authentication process with your fingerprint or PIN, depending on your configured settings.

6. Authentication of multiple users with the same application:
If you have one security device for your personal IB account, one for your joint account with your spouse and one for your company account, you can now activate all of the accounts with the same application.

7. Available for all mobile devices, worldwide:
iPhone users can download IBKR Mobile from the App Store. Android users can download the application from Google Play. Clients in China can download the application from Baidu and the 360.cn stores.

8. Works offline:
You can also use IBKR Mobile Authentication even when your phone has no connection (for example, if you are on vacation or there is insufficient signal). Although automatic authentication will not be available, the application will generate the codes needed to access your account and trade.

9. Fully protected password reset process:
If you have the IBKR Mobile application and have activated IB Key authentication, Client Services can securely send a temporary password to your phone, without putting it at risk by sending it via text message or other communication channels.

10. Small footprint:
The IBKR Mobile application can be downloaded on any device, even with the most restricted data plans, and can be installed without hogging resources. The application's size and operational resource usage are kept to a minimum without compromising your security.

 

See KB2260 for more information on installing, activating and operating IBKR Mobile Authentication.

Migrating IBKR Mobile Authentication (IB Key) to a new smartphone

You can have the IBKR Mobile application installed on more than one device, but you can only activate IBKR authentication, called IB Key, on one mobile device, on which you will need to complete two-factor authentication in order to log in on the other devices.

If you have more than one device, or if you have changed or lost your smartphone, you can migrate the IB Key activation without having to contact IB Client Services. The IB Key migration process moves two-factor authentication to your second device or new smartphone and removes it from your primary device.

Follow the instructions below if you have lost or replaced your mobile device, or if you are going on a business trip or vacation and will not have access to your primary device.

Requirements:
  • This process is carried out on your secondary device or new smartphone. You will not need your primary or old mobile phone (the one on which you used IB Key).
  • You must have the phone number used to activate IB Key (unless you have a physical security device activated for your user), since an SMS will be sent to this phone number during the migration process.

Once you have reviewed the requirements above, click the corresponding link below for the operating system of your second smartphone:

  • Apple iOS
  • Android

 


Apple iOS

1. Open IBKR Mobile, enter your username and password, and tap the Log In button.

Figure 1.

2. Select the Migrate IB Key option (Figure 2), and tap Migrate IB Key to confirm your selection (Figure 3).

Figure 2. Figure 3.

3. Once you have read the instructions, tap Continue.

Figure 4.

4. Enter your username and password and tap Log In.

Figure 5.

5. You will receive an activation token via SMS (Figure 6). Enter this activation token in the activation code field and tap the Activate button (Figure 7).

Figure 6. Figure 7.

6. Tap the Done button to complete the migration process.

Figure 8.

 

 

Android

1. Open IBKR Mobile, enter your username and password, and tap the Log In button.

Figure 1.

2. Select the Migrate IB Key option (Figure 2) and tap Migrate IB Key to confirm your selection (Figure 3).

Figure 2. Figure 3.

3. After you have read the instructions, tap Continue.

Figure 4.

4. Enter your username and password and tap the Log In button.

Figure 5.

5. You will receive an activation token via SMS (Figure 6). Enter the activation token received in the SMS and tap Verify (Figure 7).

Figure 6. Figure 7.

6. Create a PIN (it must be alphanumeric and contain between four and six characters, with at least one number), and enter it in the PIN field. Then enter the same PIN in the Repeat PIN field to confirm it. Tap Activate.

Figure 8.

7. Tap the Done button to finish the migration process.

Figure 9.
 
 

 

References:

  • See KB2879 and KB2260 for more information on IBKR Mobile Authentication (IB Key)
  • See KB2260 for instructions on installing, activating and operating the IBKR Mobile application
  • See KB2278 for instructions on operating your IB Key on an iPhone
  • See KB2277 for instructions on operating your IB Key on an Android device
  • See KB3279 for instructions on logging in to IBKR Mobile when IB Key is activated on another device
  • See KB3073 for more information on IBKR Mobile Authentication (IB Key)

 
