IBKR致力於保護您的賬戶和賬戶資產，防止欺詐行爲。安全登錄系統則為您的賬戶提供了額外一層安全保障。出於安全考慮，所有替換安全設備申請都必須通過電話咨詢并且只能在賬戶持有人或被授權使用者的身份經過本人口頭核驗后才能處理。需要立即登錄賬戶和更換安全設備的客戶，請指點IBKR客戶服務恢復登錄。

 

參考

• KB69：有關臨時密碼有效期的信息
• KB1131：安全登錄系統概述
• KB2636：安全設備相關信息與操作流程
• KB2481：在多個使用者之間共享安全登錄設備的相關説明
• KB2545：退出後重新加入安全登錄系統的相關説明
• KB975：如何將安全設備退還給IB
• KB2260：通過移動IBKR激活IB Key驗證
• KB2895：多重雙因素系統（M2FS）
• KB1861：安全設備費用信息

對於加入安全登錄系統的客戶，如果其安全設備找不到、遺失或損壞，IBKR會提供臨時密碼。客戶可在2天內使用此臨時密碼訪問客戶端和交易平臺。2天后，臨時密碼便不再能用於訪問交易平臺，但仍可在8天內供客戶訪問客戶端。但客戶端的訪問權限僅限於打印或保存在線安全代碼卡。

而在線安全代碼卡則有21天有效期，可以讓賬戶持有人有時間找出設備，或者如果是設備遺失或損壞導致需要更換也可在收到更換設備前繼續訪問賬戶。沒有實物安全設備又無法使用臨時密碼或在線安全代碼卡登錄的賬戶持有人要訪問賬戶需聯繫客戶服務（ibkr.com/support）。

恢復賬戶永久性訪問的最快辦法是安裝並激活採用IB Key的移動IBKR程序。有關此智能手機程序激活的詳細信息，請參見此處。

重要通知

根據政策，IBKR將不再為賬戶連續提供臨時密碼，而是會通過實物安全設備將賬戶保護提高至最安全等級。

參考鏈接

• KB70：請求臨時密碼的說明
• KB1131：安全登錄系統概述
• KB2636：安全設備相關信息與程序
• KB2481：在兩個或以上使用者之間共享安全登錄設備的說明
• KB2545：退出後再參加安全登錄系統的說明
• KB975：如何將安全設備退還給IBKR
• KB2260：通過移動IBKR激活IB Key驗證的說明
• KB2895：多重雙因素驗證系統（M2FS）
• KB1861： 安全設備更換費用

Table of Contents

1. Monitor your account
2. Maintain Accurate Account Information
3. Employ Safe Computing Practices
4. Protect your Data
5. Handle with caution pop-ups, unknown emails, and links
6. Handle passwords securely
7. Mandatory Secure Login System (SLS)
8. IP Restrictions 

1. Monitor your account

• Regularly check your account balances and positions through TWS and the daily statements available in Client Portal.
• Immediately report anything suspicious by contacting Client Services through any real-time method (Live Chat or Phone Call) listed under ibkr.com/support .

2. Maintain Accurate Account Information

• In the event that we detect unusual or suspicious activity, being able to contact you is essential.
• Accordingly, you should always ensure that the contact information you have provided (e.g. telephone numbers, email address) is always accurate.
  • To update your contact information, log in to our Client Portal. From the main menu, select Settings > User Settings and go to the Communication panel.

3. Employ Safe Computing Practices

• Lock your computer if you're leaving it for a period of time by setting up a password protected screensaver. Always turn off your computer when you have finished using it. This recommendation is imperative for mobile computers and highly recommended for shared machines.
• Avoid accessing your brokerage account from public computers. Some of those may have been targeted by hackers and have a keystroke-capture software. If you must use a public computer, remember the following:
  • Use the virtual keyboard on the login window to avoid having your keystrokes captured.
  • Log out after accessing your account.
  • Never leave the computer unattended while logged in.
  • Clear the browser cache after logoff so that no sensitive information remains stored on the computer.
• Regularly check for security updates and patches for your operating system and use the most current version of your browser.
• Create separate profiles (user/password protected) if your computer is shared with a third party.

4. Protect your Data

• Do NOT share personally identifiable information like your SSN, Credit Card number when answering an unsolicited email, phone call, text message, or instant message. In case of a doubt, ask for a name and a callback number, as well as an internal reference number for the communication.
• Do not share files unless it's absolutely necessary. It's a smart idea to disable the file and printer sharing features, but if you decide to use these, make sure that you configure the access permissions with strong passwords, and only share for specific users.
• Consider the encryption of your email communication:
  • It's important since it protects you from a data breach, and from the hacker to read your messages (the hacker won't have access to the information).
  • Either configure your email settings to encrypt your messages, or use an end-to-end encrypted email service (e.g. ProtonMail).

5. Handle with caution pop-ups, unknown emails, and links

• Beware of phishing - phishers try to trick you into clicking on a link that may result in a security breach. Make sure that for sensitive information and login, you mouse over links and/or verify the website's address in your browser's address bar.
• We recommend that you use a pop-up blocker (sometimes integrated in your browser) and set its security filter to the highest possible level. Then either add the IBKR website to your list of "trusted" sites, or disable your pop-up blocker while using our website.
• Use email safely, and delete without opening messages that don't originate from a trusted source as they may contain harmful attachments or links, or may be an attempt to fraudulently obtain sensitive information. Turn off the "preview pane" in your email system as this function can allow some viruses to be executed even if you never open the email. Make sure that you add to your address book the IBKR email addresses.

6. Handle passwords securely

• Use the maximum characters available and avoid simple or duplicate alphabetic and numeric sequences or passwords containing personal information.
• Do NOT share your password with anyone.
• Change your password frequently and do not use the same password for multiple systems.
• Do not leave notes on your monitor, keyboard, desk or drawer to help you remember your passwords.
• Use a password manager to store your passwords. This software will not only allow you to generate complex passwords, but as well to store them securely.

7. Mandatory Secure Login System (SLS)

• The Secure Login System provides an extra layer of security to your IBKR account at no charge through the use of a free physical security device or IBKR Mobile Authentication. The enrollment in our SLS program is mandatory.
• IBKR offers the following solutions:
  • SMS (automatic enrollment at account opening).
  • IB Key Authentication via IBKR Mobile (available to all our clients - requires a smartphone).
  • Digital Security Card + (available to accounts with a balance greater than 500K USD).
• We support multi-2FA, meaning whenever possible, we recommend users who have an active DSC+ to also activate IB Key on their smartphone.
• Click here for an Overview of our SLS Program (KB 1131)
• Click here for an details on IBKR Mobile Authentication (KB 2260)

8. IP Restrictions

• To prevent the login to your IBKR account from an unauthorized computer, enable IP Restrictions via the Client Portal.
• With IP Restrictions active, login to your account on any of our platforms (Client Portal, TWS and IBKR Mobile) will only be permitted if the device you are using is connected to the IP address(es) you've previously designated.
• Click here for further instructions on IP Restrictions

Requirements:

• The IBKR Mobile app must be installed and IBKR Mobile Authentication (IB Key) already activated on this iOS device.
• For more information on the installation and activation on iOS devices, please refer to KB2278.

Instructions:

1. On your iOS device, open the IBKR Mobile app.

     1.a. If the app opens with the login screen (Figure 1), tap on Services on the top-left corner (red arrow) and proceed with step 2. 

     1.b. If the app opens with your Home Page, Portfolio, Watchlists, or similar, tap on More on the bottom-right corner (Figure 2). Then tap on Two-Factor Authentication (Figure 3), followed by Add User (Figure 4) and proceed with step 3.

Figure 1.                                       Figure 2.                                       Figure 3.                                                                     

Figure 4.                                     

2. Tap on Authenticate (Figure 5) and then on Add User (Figure 6).

Figure 5.                                         Figure 6.

3. Read the instructions and then tap on Continue (Figure 7).

Figure 7.

3. Enter your Username and Password, and then tap on Continue (Figure 8). 

Figure 8.

4. An Authentication Code will be sent via SMS to the mobile phone number listed on your account (Figure 9). Enter this Authentication Code in the Activation Code field and tap on Activate (Figure 10).

Figure 9.                                                    Figure 10.

5. Depending on your smartphone's security settings, you will be asked to use your Passcode, Touch ID, or Face ID (Figure 11).

Figure 11.

6. If the activation has been successful, you will see a confirmation screen. Finally, tap on Done to complete the procedure (Figure 12).

Figure 12.