IBKR Mobile Authentication as a 2-Factor Solution

Overview: 

At IB, we are committed to protecting your account through the use of 2-Factor log in protection. With 2-factor protection, account access is provided through use of "Something you Know" (i.e. entry of user name and password combination) along with "Something you Have" (i.e., a tool which generates a random code to be entered after the user name and password).  This 2-Factor protection is intended to mitigate the risk of online hackers (who've acquired your password via malware or social engineering) accessing your account.

While IB offers multiple 2-Factor options, IBKR Mobile Authentication is generally viewed as the most convenient to access and operate. Outlined below are some of the convenience factors offered by this app.

 

1. Always Available: 
Your smartphone is always with you, as well as your tool to grant you secure access to your IB account

2. Convenient:
No additional devices to carry, track and watch out for. In the event of loss or change of phone, the IB Client Services can assist you to get the app back up and running at a moment’s notice.

3. Quick Activation:
A couple of minutes within the download of the app, you can already use it to authenticate into your account.

4. No Shipping, Delivery or Return:
No delivery delays, no return of devices with depleted batteries. A quick download suffices.

5. Secure, but quick and No-Hassle Login with our Seamless Authentication:
When logging into the Trading Platforms or the Account Management, you only need to enter your username and password - IBKR will send you a notification and you will use the IB Key protocol to complete the authentication, via fingerprint or PIN, depending on your configuration.

6. Allows for multiple users to authenticate with the same app:
If you have one security device for your personal IB account, one for your joint account with your spouse and one for your business account you will be happy to know that you can activate the same app for all those users (and more).

7. Available for every smartphone, everywhere:
IBKR Mobile can be downloaded from the Apple App Store if you have an iPhone. Android phone users can get the app as usual from the Google Play store. Clients in China can obtain the application on both Baidu and the 360.cn stores.

8. Works even Offline:
Should your phone be offline (like when on vacation or with a bad reception), you can still use IBKR Mobile Authentication. Even though Seamless Authentication won't be accessible, the application can generate the codes you need to access your account and trade.

9. Secure delivery for your Password Reset:
With IBKR Mobile installed and the  IB Key authentication activated, you can have the IB Client Services send you a temporary password to your phone in a secure way without exposing it through text messages and other means of communication. More services for interaction with

10. Small footprint:
IBKR Mobile can be downloaded even on the most restrictive data plans and be installed on your smartphone without hogging resources. The application size and its operational use of resources are limited to the absolute minimum, while not compromising on its security.

 

For a general overview of IBKR Mobile Authentication including installation, activation and operation, please see KB2260.

IBKR Mobile Authentication (IB Key) recovery

Background: 

The recovery procedure explained in this article is required in case:

A) You have reinstalled the IBKR Mobile app on the same smartphone
B) Your smartphone Operating System has been updated

 

Procedure:

In order to re-enable IB Key authentication via IBKR Mobile, please click on one of the below links, according to your smartphone Operating System

 

Apple iOS

  1. Launch the IBKR Mobile app. Whenever possible, the app will ask you to recover the setup. Tap Yes
  2. According to your phone hardware capabilities, you will be prompted to provide the security element originally used to secure the app (Fingerprint, Face ID, PIN). Please follow the on-screen instructions for this step
  3. If the reactivation has been successfully completed, you will see a confirmation message. Tap Done to finalize the procedure

 Back to top

 

 

Android

  1. Launch the IBKR Mobile app. Whenever possible, the app will ask you to recover the setup. Tap Recover Setup
  2. Review the Recovery directions and tap Continue
  3. Enter your credentials and tap Initialize Recovery
  4. You will receive an text message (SMS)containing an Activation Token. Enter it in the Activation Code field. According to your phone operating system and hardware capabilities, you might be prompted to provide as well the security element you originally used to secure the app (PIN, Fingerprint). Once done, tap Submit
  5. If the reactivation has been successfully completed, you will see a confirmation message. Tap Done to finalize the procedure
     

Back to top

 
 
References
  • See KB2260 for general instructions on how to use IBKR Mobile Authentication
  • See KB3073 for instructions on how to migrate the IB Key / IBKR Mobile authentication to a new smartphone

Cache Maintenance for IB apps on Android

Background: 

This procedure has proved to work as a solution for several issues, since it produces a complete reset of the malfunctioning IBKR app.

 

For Android OS 6.0 (Marshmallow) and higher

1.  Go to your phone's Settings Menu

2.  Below the Phone section, select Applications MOVED TO... Application Manager
Select Applications  Application Manager
 

3.  Scroll down and select the corresponding IB app which needs to be reset.

 

4.  Tap on Storage

 

5.  Tap on Clear Data MOVED TO... OK
   
 

6.  Confirm Data has been cleared.

 

7.  Reboot the phone

8.  Re-Launch app

 

 

For Android OS 5.0 (Lollipop) and previous versions

  1. Go to your phone Settings Menu
  2. Below the Device section, select Apps
    Select Apps
     
  3. Scroll down and select the corresponding IB app which needs to be reset.
      
     
  4. Tap on Clear data MOVED TO... OK
    Clear App data  Delete app data -> OK
     
  5. Confirm Data has been cleared
    Confirm Data cleared
     
  6. Reboot Phone
  7. Re-Launch app


Note: If after clearing the cache, manually adjusting the permissions and restarting your Android Device, the issue persists, please contact IB Customer Service  for further troubleshooting.


Related Articles:

  • For IB Key on Android overview refer to KB2277
  • For IB Key Recovery process on Android refer to KB2748

 

Verification of Mobile Telephone Numbers

Background: 

Clients who have completed the steps of verifying their mobile telephone numbers with IB will be able to receive account related communications directly to their phones in the form of a text message (SMS). This will help to reduce the need to access the Account Management Message Center for information on items such as Funding. In addition, a verified mobile number is a prerequisite for using the IB Key Authentication via IBKR Mobile or the SMS as second factor authentication.

Verification of a mobile number may be done through one of the following methods:

  • Set up messaging for your mobile telephone number. Please see KB2552 for details
  • Activate the IB Key Authentication via IBKR Mobile on your smartphone. Please see KB2260 for details

 

How to verify your mobile phone number

Overview: 

This article explains how to verify your mobile phone number.

If the verification of your phone number was not completed during the account application, you can complete it at any time by following these steps:

  • Log in to Account Management.
  • From the side menu, click on Settings and then on User Settings. Click on the configuration gear correspondent to Mobile Number. If you are using the Classic Account Management, this section can be reached from the top menu Manage Account -> Account Information -> Details -> Profile, by clicking on the link "Modify"

  • Click on VERIFY
  • Open your phone's messages app and you will find the SMS with the Confirm Code we sent to you.
    NOTE: message delivery time may vary and in some circumstances it can take few minutes.
     
  • Enter the Confirm Code you have received into the Confirmation Number field, then click CONTINUE.
     
  • If the code has been accepted, a green check mark will appear under the column SMS Verified. Click CONTINUE to finalize the procedure.
  • If your user does not have an active SLS device, it will be automatically enrolled in SMS for Two-Factor Authentication shortly afterwards. For instructions about login authentication via SMS, please see KB3196.
     

How to opt back into the Secure Login System

Overview: 

Clients who participate in the Secure Login System (SLS) program on a partial opt-out basis may expose themselves to risks and are therefore subject to certain restrictions (e.g. ability to trade Pink Sheet and OTCBB stocks).  Considering these factors along with the protection benefits afforded through a complete SLS protection, you may decide to fully opt back into the Secure Login System.  The following article provides the step-by-step instructions for accomplishing this.

Background: 

Please notice that in order to modify the security settings, your user needs to have the proper access rights. In case your user is not allowed to change the security settings, the system will show you a notice and will point you to the user which has such rights.

In order to opt back into the Secure Login System, please proceed as follows:

1. Open your browser and go to the web page www.ibkr.com.

2. Click on Login > Account Management
 
3. Enter your credentials and complete the authentication using your security device
 
4. From the left side menu, click on Settings > User Settings. Then, within the Security box, click on the whee(Configure) icon next to Secure Login System1
 
5. You will see a box titled "Secure Login Settings". Within that box, click on the wheel(Configure) icon
 
6. Select the radio button next to "I want to always use my Secure Login Device when logging in" and click on Continue
 
7. You will receive a confirmation that your settings have been updated. Click on OK to finalize the procedure

 

Notes

1. If you are using the Classic version of the Account Management, click on the top menu Manage Account, then Security >Secure Login System > SLS Opt Out. There select the radio button to Opt Back In on the line correspondent to your user.

 

References
  • See KB1131 for an overview of the Secure Login System
  • See KB1943 for instructions on requesting a replacement Digital Security Card+
  • See KB2636 for information and procedures related to Security Devices
  • See KB2481 for instructions about sharing the Security Login Device between two or more users
  • See KB975 for instructions on how to return your security device to IB
  • See KB2260 for instructions on activating the IB Key authentication via IBKR Mobile
  • See KB2895 for information about Multiple 2Factor System (M2FS)
  • See KB1861 for information about charges or expenses associated with the security devices
  • See KB69 for information about Temporary passcode validity

 

How to share a security device

Overview: 

IBKR allows individuals to maintain multiple user names within a single account or across distinct accounts under their control.  Individuals who do not wish to maintain multiple physical security devices may elect to consolidate and share a single device across their users. The prerequisites and the procedure for sharing devices are outlined below.

Note: Clients using the IBKR Mobile Authentication (IB Key) should not use the present device sharing procedure, since the IB Key allows multiple users to be enabled directly from the IBKR Mobile app itself (menu item: Authenticate -> Add user). 
 
Background: 

Prerequisites

The possibility of sharing a physical security device will be granted only if ALL the conditions below are respected:

a) The participant users belong either to the same entity or to different entities but with the same identification data (Date of Birth, Citizenship, Country of Legal Residence, Identification Document type and number or Social Security Number for US Citizens and residents). 

b) The participant users do NOT have a temporary security device (Temporary Code, Online Security Code Card) currently assigned to them.

c) The physical device offering the highest level of protection has to be shared. In case all the devices offer the same level of protection, whichever of them can be eligible. You can check the security level of your device in the table below:

Security level

Device name

Device image

Highest Digital Security Card+ (DSC+)
Lowest Security Code Card (SLS card)
 
 

Procedure:

1. Among the possible candidates, identify the device offering the highest level of protection and the user that device belongs to. We will call that user the device owner

2. Log in to your Client Portal page with the requesting user (NOT the device owner)

3. Click on Menu icon in the top-left then select Settings and then User Settings
 
 4. Click on the wheel (Settings) close to Secure Login System
 
5a. In case your user does not have any active device, the system will display the SLS enrollment menu. Select the item "I already have access to a Secure Login Device under a different username" and click on Continue
 
5b. In any other case, the system will display the device list. Click on Share Device to proceed further
 
6. Enter the credentials of the device owner you identified at point 1. and click on Continue.

 
7. According to the SLS Device about to be shared, the system will display a security element (either Challenge Code or Index Numbers). Operate the SLS Device and, using the security element provided by the system, generate a response code. Enter the response code in the correspondent field and click on Continue.
 
8. Once you have reviewed the correctness of the information entered, click on Continue.

 
9. The system will display the status of your request (see note a. for details). Click OK to finalize the procedure.

 

NOTES:

a. In the vast majority of cases your sharing request will be automatically and immediately approved, processed and enforced. In case the approval of our Compliance department is needed, your request will stay in a pending status until this step has been cleared.

b. Once the device sharing request has been processed, you could keep the redundant device/s in a safe place. In the future you might decide to cancel the device sharing and reactivate those devices instead. If you do not feel the need to store them, you can send them (only DSC+) back to us following the instructions contained on this page:
 

c. Here below you can see the most common error messages and their causes:

- Less secure device: This error is returned if you set up the less secure token as the one to be shared. Please identify the most secure device and share that one.

- Different identification information:
This error is returned if the identification data of the entities/individuals involved in the sharing does not match. If the users belong to different entities/individuals, please notice that the token sharing will NOT be possible by design.
If the users belong in fact to the same entity/individual, the mismatch could be due, for example, to an outdated identification document on record. In this case, you can contact our Client services to have the data rectified.

 

 References:
  • Overview of the Secure Login System: KB1131 or ibkr.com/sls 
  • Multiple Two-Factor Authentication System (M2FS): KB2895
  • How to share the Security Login Device between two or more users: KB2481
  • How to opt back into the Secure Login System: KB2545
  • Security considerations following SLS partial opt-out: KB1198
  • Are there any charges or expenses associated with the security devices? KB1861
  • How to troubleshoot Account Management Login Failures: KB1132
  • How to troubleshoot Trading Platform Login Failures: KB1133

 

IBKR Mobile Authentication Overview - iOS

Overview: 

This page covers specific points of installing and using IBKR Mobile for Authentication purposes and usign the IB Key protocol on iOS devices.  For general questions on IBKR Mobile Authentication, please refer to KB2260.

 

Table of contents

 

Requirements

  • Must be installed on an iOS device with Touch ID (fingerprint reader) or Face ID (facial recognition).
  • Device's software version must be iOS 11.0 or later.
  • Device must have either Touch ID, Face ID or Passcode enabled. Touch ID or Face ID is the recommended choice. Refer to Set up Touch ID or Set up Face ID for directions.
 Back to top
 

Installation

You can download IBKR Mobile app on your iPhone directly from the App Store

Get the IB Key from the Apple Store

How to download IBKR Mobile from the App Store:

  1. On your iPhone tap on the App Store App Store icon icon.
  2. Click on the Search icon (magnifying glass) in the lower right corner, then click in the search bar at the top, type IBKR Mobile then click Search.
  3. Look for IBKR Mobile from Interactive Brokers LLC, tap on GET to the right, then tap INSTALL
    (if prompted, enter your Apple ID password or provide your fingerprint.)
  4. Once the installation has completed, tap on Open to launch the IBKR Mobile app.
        

 

Back to top

 

Activation

Once the app is installed on your device you will need to activate it for the username you would like to enroll. This operation happens entirely on your phone and requires Internet access.

  1. On your phone open the IBKR Mobile app. If you receive a message asking your consent for IBKR notifications, tap Allow.

     
  2. Select Register Two-Factor, review instructions then click Continue.
        
  3. Enter your Account Username and Password then tap Continue.
            
  4. The default mobile phone number on record for your account will be already selected. If you are not able to receive text messages (SMS) on that number, you should choose a different one from the list (if applicable) or add a new one. To add a new mobile phone number, tap Add Phone number, enter the new number1 and corresponding Country.  Once you have selected your preferred mobile number from the list or added the new mobile number, tap Get Activation SMS.
  5. An SMS message will be sent with an Activation Token. Enter the token in the Activation Code field. Then tap Activate.
           
  6. According to your phone hardware capabilities, you might be prompted to provide or define the security element used to secure the app (Fingerprint, Face ID or PIN2). Please provide the requested security element.
         
  7. If the activation has been successful, you will see a confirmation screen. Tap Done to finalize the procedure
     

Once the IBKR Mobile authentication has been activated, you can close the app. Refer to Operation with Touch ID or Operation with Face ID below on how to use IBKR Mobile for authentication.

Notes:

  1. You must enter your phone number without your country's trunk prefix and only enter numbers without any spacing or special characters.
  2. The recovery PIN will be used to enable additional users or re-enable IBKR Mobile if it has been uninstalled. It must be at least 4 and up to 6 characters (letters, numbers and special characters allowed). Refer to KB2269 for additional guidelines.

Back to top
 

Operation with Touch ID

Once activated, operation of IBKR Mobile Authentication using Touch ID is as follows:


IMPORTANT NOTE: If you do not have Internet access while operating IBKR Mobile Authentication, please refer to the section "What if I don't receive the notification?"


  1. Enter your username and password into the trading platform or Client Portal login screen and click Login. If correct, a notification will be sent to your iPhone.
    Two Factor Authentication Prompt
     
  2. On your iPhone, check your notifications panel and select the IBKR Mobile app notification.
     
     
  3. Selecting the notification will launch the IBKR Mobile app. On your iPhone, place your finger that was registered for Touch ID on the Home Button. If the Touch ID has not been activated, IB Key will prompt you to enter the Passcode.
         

  4. If authentication succeeds, the log in will now automatically proceed.
    Login proceeds after authentication 

Back to top
 

Operation with Face ID

Once activated, operation of IBKR Mobile Authentication using Face ID is as follows:
IMPORTANT NOTE: If you do not have Internet access while operating IBKR Mobile Authentication, please refer to the section "What if I don't receive the notification?"

  1. Enter your username and password into the trading platform or Client Portal login screen and click Login. If correct, a notification will be sent to your iPhone.
    Two Factor Authentication Prompt
     
  2. On your iPhone, check your notification menu and select the IBKR Mobile app notification.
     
     
  3. Selecting the notification will launch the IBKR Mobile app. On your iPhone, look at the screen to authenticate via Face ID. If Face ID has not been activated, IB Key will prompt you to enter the Passcode.
            

  4. If authentication succeeds, the log in will now automatically proceed.
    Login proceeds after authentication 

Back to top
 
 

What if I don't receive the notification?

If notifications are disabled, no internet access is available or if you have a poor, unstable connection it is possible the notification may not arrive. In these cases operation of IBKR Mobile Authentication is as follows: 

  1. Click the link Click here if you do not receive the notification.

     
  2. This will generate challenge code and box to enter response.    
  3. Launch IBKR Mobile on your Smartphone, then select Authenticate.  Type the Challenge number into the corresponding box.
        
  4. If you use Touch ID, place your finger that was registered on the Home Button. If the Touch ID has not been activated, IBKR Mobile will prompt you to enter the Passcode. A response string will be generated. If you use Face ID, skip this step and go to the next one.
        
  5. If you use Face ID, look into the If the Touch ID has not been activated, IBKR Mobile will prompt you to enter the Passcode. A response string will be generated.
        
  6. Enter the response from your iPhone into the log in screen and click OK
  7. If authentication succeeds, the log in will now automatically proceed.
    Login Proceeds

 

Back to top

 

References:
  • See KB2748 for instructions on how to recover IBKR Mobile Authentication.
  • See KB3234 for troubleshooting missing IBKR Mobile notifications
  • See KB2745 for instructions on how to clear the cache for the IBKR Mobile app.

 

IBKR Mobile Authentication Overview - Android

Overview: 

This page covers specific points of installing IBKR Mobile and using the IBKR Mobile Authentication for authentication purposes and using the IB Key protocol on Android devices.  For general questions on the IBKR Mobile Authentication, please refer to KB2260.

 

Table of contents

 

Requirements

  • Must be installed on an Android Phone that has not been rooted.
  • Device's Android Version must be 5.0 or later.

 

Installation

You can download the IBKR Mobile app on your smartphone directly from;
Google Play Store, 360 Mobile Assistant or Baidu Mobile Assistant.

Get the IB Key from the Google Play store          Download IB Key from 360 Mobile Assistance          Download IB Key from Baidu Mobile Assistant
 

How to install IBKR Mobile from the Google Play Store:

  1. On your Android phone tap on the Play Store Google Play Store App icon app.
  2. Tap on the search bar at the top, type IBKR Mobile then tap Search.
  3. Locate the app IBKR Mobile from Interactive Brokers Group, then select it.
  4. Tap on Install to the right.
  5. Once the installation completes, tap on Open to launch the IBKR Mobile app.

     Search for IB Key on Google Play Store   Install IB Key on Google Play Store

 

Back to top

 

Activation

Once the app has been installed on your device you will need to activate it for the username you would like to enroll. This operation happens entirely on your phone and requires Internet access.

1. On your phone open the IBKR Mobile app, tap Register Two-Factor, review instructions and then tap Continue.
 
 

2. Enter your IB Account Username and Password then tap Continue.

 

3. The default mobile phone number on record for your account will be already selected. If you are not able to receive text messages (SMS) on that number, you should choose a different one from the list (if applicable) or add a new one. To add a new mobile phone number, tap Add Phone Number, enter the new number1 and corresponding Country.  Once you have selected your preferred mobile number from the list or added the new mobile number, tap Get Activation Code


4. An SMS message will be sent with an Activation Token. Enter the token in the Activation Code field, create a PIN2 then select Activate.
   
 

5. You will receive a message with the outcome of the operation. Tap Done to finalize the procedure.
 

Once IB Key Authentication via IBKR Mobile has been activated, you can close the app. Refer to Operation instructions below on how to use the IBKR Mobile for authentication.

 

Notes: 

  1. You must enter your phone number without your country's trunk prefix and only enter numbers without any spacing or special characters.
  2. The PIN must be at least 4 and up to 6 characters (letters, numbers and special characters allowed). Refer to KB2269 for additional guidelines.
Back to top
 

Operation

Once activated, you can use the IBKR Mobile to authenticate your login attempt as follows:
IMPORTANT NOTE: If you do not have Internet access while operating the IBKR Mobile, please refer to the section "What if I do not receive the notification?"

  1. Enter your IB Account credentials into your trading platform or Client Portal login screen and click Login. If your credentials have been accepted, a notification will be sent to your phone.
    Two Factor Authentication Prompt
  2. On your phone, swipe down from the top and check your notification drawer. Tap on the IBKR Mobile notification. If you have not received the notification, please refer to KB3234.
    IB Key Push Notification prompt on Android Phone 
  3. The IBKR Mobile app will open, prompting you for your fingerprint or your PIN, according to the hardware capabilities of your phone. Please provide the requested security element.
     
     
  4. If the authentication has succeeded, the trading platform or Account Management login process will automatically move ahead to the next phases.
    IB Key authenticate successful, TWS continues to login
 
Back to top
 

What if I do not receive the notification?

If notifications are disabled, no internet access is available or if you have a poor, unstable connection, the notifications may not reach your phone. In these cases the seamless authentication may not be available but you can still use the manual Challenge/Response authentication method as described below: 

  1. On your trading platform or Account Management login screen, click the link "Click here if you do not receive the notification".
    Click here if you do not receive the notification
  2. Challenge code will be displayed on the screen.
    TWS Two Factor Challenge/Response
     
  3. Launch the IBKR Mobile app on your Smartphone, select Authenticate (if necessary), enter your PIN and the Challenge code you obtained in the previous step. Tap Generate Passcode.
     
     
  4. Response String will be displayed.

     
  5. Enter the Response String into your trading platform or Client Portal login screen. Then click OK.
    Manually enter response string and click OK
     
  6. If the authentication has succeeded, the trading platform or Client Portal login process will automatically move ahead to the next phases.
    IB Key authenticate successful, TWS continues to login

 

Back to top

 

References:
  • See KB2748 for instructions on how to recover IBKR Mobile Authentication.
  • See KB3234 for troubleshooting missing IBKR Mobile notifications
  • See KB2745 for instructions on how to clear the cache for the IBKR Mobile app.
 

 

PIN Guidelines

Certain security devices used for accessing your IB account require the creation of a numeric PIN code at the point of request or activation. This PIN is intended as an additional layer of protection as it effectively prevents unauthorized individuals who may inadvertently come into possession of your device from operating it. It’s therefore important to select a PIN which you can easily remember, yet which is difficult for others to guess. Outlined below are a series of guidelines or best practices to be taken into consideration when creating your PIN:

• Do not use your own date of birth
• Do not use the date of birth of your children or any other immediate family member
• Do not use parts of your personal or business address, such as street name and number, ZIP and/or Postal Code
• Do not use any part of your Citizen ID (such as SSN or ID document number)
• Do not use phone numbers
 

Syndicate content