How to enable and use SMS as Two-Factor Authentication method


SMS as Two-Factor method is a quick and easy way to carry out your authentication tasks. This article explains how to set up your mobile phone number to receive authentication codes via SMS.


How to Enroll into SMS authentication

To enroll into SMS Two-Factor Authentication, you would need to have a verified mobile phone number on record. If the verification of your phone number was not completed during the account application, you can complete it at any time by following these steps:

  • Log in to Client Portal.
  • From the side menu, click on Settings and then on User Settings. Click on the configuration gear correspondent to Mobile Number.

  • Click on VERIFY
  • Open your phone's text messages app and you will find the SMS with the Confirm Code we sent you.
    NOTE: message delivery time may vary and in some circumstances it can take few minutes. A new SMS may only be requested every 2 minutes.
  • Enter the Confirm Code you have received into the Confirmation Number field, then click CONTINUE.
  • If the code has been accepted, a green check mark will appear in the column SMS Verified. Click CONTINUE to finalize the procedure.
  • If your user does not have an active SLS device, it will be automatically enrolled in SMS for Two-Factor Authentication shortly afterwards.

    Back to top


How to login using SMS authentication

Once SMS has been enabled as 2-Factor Authentication method, you will be able to use it in the following way:

  • Launch the TWS or go to the Client Portal
  • Enter your username and password in the correspondent fields and click Login
  • You will then be prompted to enter the authentication code sent to you via SMS. Please open your phone's messages app and look for the message containing the code.

  • Enter the authentication code in the Security Code field present on the login screen, and then click on Login or OK

Back to top


Regulations Mandating Two-Factor Protection


Regulators in certain jurisdictions have imposed requirements that brokerage clients use Two-Factor Authentication when accessing their account. These requirements currently impact residents of Hong Kong and India with details provided below.

Hong Kong-based accounts

On 27 Oct 2017, the Securities & Futures Commission of Hong Kong (SFC) issued revised guidelines aimed at reducing the information security risks associated with internet trading.  All registered and licensed persons engaged in internet trading are required to comply. The Hong Kong Monteary Authority (HKMA) simultaneously issued a circular on the same day requiring all registered institutions to implement the requirements listed in the guidelines.

Per article 1.1 of the SFC guidelines, all clients are required to be enrolled in Two-Factor Authentication. As a result, we are no longer able to provide Hong Kong accounts with the ability to opt out of the Secure Login System.


India-based accounts

On March 25, 2014 the National Stock Exchange of India (NSEI) issued a circular with new requirements for stock brokers that operate in India. Per regulation 3b, all brokers must implement Two-Factor Authentication for Indian clients. As a result, we are no longer able to provide India accounts with the ability to opt out of the Secure Login System.





1.  進入手機的設置菜單

2.  在手機下方選擇應用程序 MOVED TO... 應用管理
Select Applications  Application Manager

3.  向下滾動,選擇要重置的IB程序。


4.  點擊存儲


5.  點擊清除數據 MOVED TO... 確定

6.  確認數據已清除。


7.  重啟手機

8.  重新打開應用程序




  1. 進入手機的設置菜單
  2. 設備下方,選擇應用程序
    Select Apps
  3. 向下滾動,選擇要重置的IB程序。
  4. 點擊清除數據 MOVED TO... 確定
    Clear App data  Delete app data -> OK
  5. 確認數據已清除。
    Confirm Data cleared
  6. 重啟手機
  7. 重新打開應用程序



  • KB2277安卓版IB Key概述
  • KB2748如何在安卓設備上恢復IB Key






  • 請勿使用您的生日
  • 請勿使用您孩子或者任何直系親屬的生日
  • 請勿使用您個人或者辦公地址信息,如街道名稱、門牌號碼、郵政編碼
  • 請勿使用您身份證件信息(如社保號或者身份證號碼)
  • 請勿使用電話號碼


  • 您本人或您的家庭成員或親屬的姓名首字母,或您所在城市的名稱或球隊的名稱
  • 您本人、您的家庭成員或親屬的姓和/或名






本文詳細介紹了通過移動IBKR重新激活IB Key驗證的步驟。




案例A) 在同一手機上重新激活

  • 您在同一個手機上卸載並重新安裝移動IBKR程序


  • 安卓移動IBKR的PIN碼+最初用來激活程序的手機號
  • Apple iOS手機PIN碼/指紋/FaceID+最初用來激活程序的手機號


案例B) 在另一手機上重新激活

  • 您更換了手機
  • 手機丟了,您現在換了一個新手機
  • 您在主要使用的手機上激活了移動IBKR驗證,但現在想遷移(臨時或永久)到備用手機上。


  • 安卓最初用來激活程序的手機號
  • Apple iOS手機PIN碼/指紋/FaceID+最初用來激活程序的手機號
注:如果您的使用者另外還有已激活的實物安全設備,那麼在上述情況下(A B)您隨時都可以重新激活/遷移移動IBKR驗證(IB Key)。這樣就不需要最初用來激活程序的手機號,因為系統會在重新激活/遷移過程中自動提示您使用實物安全設備,而不會向您發送短信。




  • KB2879&KB2260:有關移動IBKR驗證(IB Key)的一般信息
  • KB2260:如何安裝/激活/操作移動IBKR程序
  • KB2278:如何在蘋果手機上操作IB Key
  • KB2277:如何在安卓手機上操作B Key 
  • KB3279:在另一手機上啟用了IB Key的情況下如何登錄移動IBKR


How to reactivate or transfer the IBKR Mobile authentication?


This article details the steps needed to reactivate the IB Key authentication via IBKR Mobile.

This state of the application or its installation might be due, but not limited to, reinstallation of the app or the purchase of a new phone.


You can perform the reactivation without the involvement of IBKR Client Services in the following cases:


Case A) Reactivation on the same smartphone

  • You uninstalled and reinstalled the IBKR Mobile app on the same smartphone

Please click on one of the links below according to your phone operating system.

  • Android: IBKR Mobile PIN + Access to the mobile phone number originally used for the app activation
  • Apple iOS: Smartphone PIN / Fingerprint / FaceID + Access to the mobile phone number originally used for the app activation


Case B) Reactivation on a different smartphone

  • You are replacing your smartphone with a new one
  • You have lost your smartphone and you are now in possession of a new one
  • You activated the IBKR Mobile authentication on your primary smartphone but you now want to transfer
    the activation (either temporarily or permanently) to the secondary one.

Please click on one of the links below according to your phone operating system.

  • Android: Access to the mobile phone number originally used for the app activation
  • Apple iOS: Smartphone PIN / Fingerprint / FaceID + Access to the mobile phone number originally used for the app activation
Note: In the above cases (A, B) you will always be able to reactivate / transfer the IBKR Mobile Authentication (IB Key) when you possess an additional physical security device currently active for your user. With this setup, you will not need to have access to the mobile phone number originally used for the app activation, since the system will automatically prompt you to operate your physical security device instead of sending you a text message (SMS) during the reactivation / transfer procedure.

    In any other case, we would kindly ask you to request a temporary account access by contacting IBKR Client Services (Secure Login department) on the phone number best suitable for your location, among the ones listed on



  • See KB2879, KB2260 for General information about IBKR Mobile Authentication (IB Key)
  • See KB2260 for instructions on how to install/activate/operate the IBKR Mobile app
  • See KB2278 for instructions on how to operate your IB Key on an Apple iPhone
  • See KB2277 for instructions on how to operate your IB Key on an Android smartphone: 
  • See KB3279 for instructions on how to log in to IBKR Mobile when IB Key is enabled on another phone


Mobile Phone Verification during the account application


IB requires that clients verify their mobile phone in order to receive account and trade related communication directly via SMS.  Clients who fail to verify their phone will be subject to trade restrictions pending completion of this process. Verification is performed online and the steps for doing so are outlined below.
In case your account has been already opened but your mobile number has not been yet verified, please jump directly to KB2552 to complete the verification process.


Phone Verification

When completing your Interactive Brokers Account Application, you will see a blue bar at the top of the page that says "CONFIRM MOBILE NUMBER."

You can click on that bar any time during steps 1-4.   Once you do, you will see this window:

Once you have entered your full number, it will be recognized and a confirmation message is sent immediately.  Validate your phone number by entering the SMS Code received in the Confirmation Code field and click Submit.

If you are unable to do this during the application process, you can always confirm it on the Application Status page


Please consider the following as certain restrictions may apply:

  • SMS messages may be blocked if you participate in your Countries NDNC (National Do Not Call) registry.
  • Due to fraud prevention measures, virtual number providers may be blocked.
  • Some carriers may restrict the Hours of delivery for SMS messages.


Multiple 2-Factor System (M2FS)


This page covers specific points on what the Multiple 2-Factor System (M2FS) is and how it functions. For general questions on the Secure Login System, please refer to KB1131.


Table of contents


What is M2FS?

M2FS allows any client to maintain more than one active security device at the same time. You no longer need to choose between a physical security device and the IBKR Mobile app as either can be used interchangeably. If you already possess an active security device, any further device activation will result in both devices remaining simultaneously active.


Back to top 



In case you currently use the Security Code Card / Digital Security Card+: if you use a physical security device, you may download and activate the IBKR Mobile app. Please refer to the directions for Android and iOS.

In case you currently use the IBKR Mobile app: If you use the IBKR Mobile app and have an account with a balance equal or greater than USD 500K, you qualify for the Digital Security Card+ . You may log in to Client Portal and request the DSC+ by following the instructions here.


Back to top  


Once you have both a physical device and the IBKR Mobile app enabled, M2FS is represented by a drop-down menu upon login. You can now choose the device you wish to authenticate with, following the below steps:

1. Enter your username and password into the trading platform or Client Portal login screen and click Login. If the credentials have been accepted, a drop down will appear, allowing you to Select Second Factor Device. If you log in to the TWS, please notice that the M2FS is supported from version 966.


Client Portal:


2. Once you select a security device, you will now be presented with the corresponding screen for authentication. Refer to the directions for:

- IB Key via IBKR Mobile (iOS) 
- IB Key via IBKR Mobile (Android)
- Security Code Card
- Digital Security Card+

3. If the second factor authentication succeeds, the Log-in will now automatically proceed.


Back to top

Withdrawal limits

The device used to authenticate your withdrawal will define your withdrawal limits, according to the below table:

Security Device
used for Withdrawal

Maximum Withdrawal
Per Day

Maximum Withdrawal
in Five Business Days

Security Code Card1 USD 200,000 USD 600,000
IBKR Mobile app USD 200,000 USD 600,000
Digital Security Card1 USD 1,000,000 USD 1,500,000
Digital Security Card+ Unlimited Unlimited
Gold Device1 Unlimited Unlimited
Platinum Device1 Unlimited Unlimited

1: Represents a legacy device that is no longer issued.

Example: You have both the IBKR Mobile app and the Digital Security Card+ enabled and you need to withdrawal more than USD 200K. You can use either device to login to Client Portal but you will be required to use the Digital Security Card+ to confirm your withdrawal request.


Back to top


M2FS provides even more flexibility to IBKR's Secure Login System by allowing you to choose what security device you want to authenticate with. In addition to the convenience of using a device which is trusted and routinely accessible, you can eliminate delays associated with authenticating at times a trade needs to be entered quickly.


Back to top 

IBKR Mobile Authentication as a Two-Factor Solution


At IBKR, we are committed to protecting your account through the use of 2-Factor log in protection. With 2-factor protection, account access is provided through use of "Something you Know" (i.e. entry of user name and password combination) along with "Something you Have" (i.e., a tool which generates a random code to be entered after the user name and password).  This 2-Factor protection is intended to mitigate the risk of online hackers (who've acquired your password via malware or social engineering) accessing your account.

While IBKR offers multiple 2-Factor options, IBKR Mobile Authentication is generally viewed as the most convenient to access and operate. Outlined below are some of the convenience factors offered by this app.


1. Always Available: 
Your smartphone is always with you, as well as your tool to grant you secure access to your IBKR account.

2. Convenient:
No additional devices to carry, track and watch out for. In the event of loss or change of phone, IBKR Client Services can assist you to get the app back up and running at a moment’s notice.

3. Quick Activation:
A couple of minutes within the download of the app, you can already use it to authenticate into your account.

4. No Shipping, Delivery or Return:
No delivery delays, no return of devices with depleted batteries. A quick download suffices.

5. Secure, but quick and No-Hassle Login with our Seamless Authentication:
When logging into the Trading Platforms or the Client Portal, you only need to enter your username and password - IBKR will send you a notification and you will use the IB Key protocol to complete the authentication, via your mobile biometrics or PIN, depending on your configuration.

6. Allows for multiple users to authenticate with the same app:
If you have one security device for your personal IBKR account, one for your joint account with your spouse and one for your business account you will be happy to know that you can activate the same app for all those users (and more).

7. Available for every smartphone, everywhere:
IBKR Mobile can be downloaded from the Apple App Store if you have an iPhone. Android phone users can get the app as usual from the Google Play store. Clients in China can obtain the application on both Baidu and the stores.

8. Works even Offline:
Should your phone be offline (e.g. when on vacation or with a bad reception), you can still use IBKR Mobile Authentication. Even though Seamless Authentication won't be accessible, the application can generate the codes you need to access your account and trade.

9. Secure delivery for your Password Reset:
With IBKR Mobile installed and the IB Key authentication activated, you can have the IBKR Client Services send you a temporary password to your phone in a secure way without exposing it through text messages and other means of communication.

10. Small footprint:

IBKR Mobile can be downloaded even on the most restrictive data plans and be installed on your smartphone without hogging resources. The application size and its operational use of resources are limited to the absolute minimum, while not compromising on its security.


For a general overview of IBKR Mobile Authentication including installation, activation and operation, please see KB2260.





  • 登錄賬戶管理。
  • 在側邊欄菜單中,依次點擊設置 用戶設置。點擊手機號碼對應的配置齒輪圖標如您使用的是傳統賬戶管理,您可通過管理賬戶 -> 賬戶信息 -> 詳情 -> 個人信息菜單,點擊“修改”鏈接找到該板塊。

  • 點擊驗證
  • 打開您手機的短信應用,您將看到我們發送給您的帶有確認碼的短信。
  • 確認號碼區域輸入您收到的確認碼 ,然后點擊繼續
  • 如該確認碼被接受,則“短信已驗證”欄目下會出現一個綠色的勾。點擊繼續完成操作。
  • 如您的用戶沒有活躍的SLS設備,該用戶將很快自動被納入短信雙因素驗證項目。有關如何通過短信完成登錄驗證的說明,請見KB3196


Syndicate content