IB Secure Device

[walterjennings]

Quote from local_crusher:

Plain sucks. I had asked for an opt-out, but now IB refuses this ?

you would choose the chance of a hacker trojaning your machine, getting your login/pass and pumping and dumping your whole account over carrying around an RSA key generator with you and spending an extra 5 seconds entering a number after your password?

 

[rwk]

I understand why IB is doing this, and I applaud their concern for security. The device has been in use for some time and is a proven technology. I expect a lot of complaining, however. The device has tiny keys, a fairly poor display, and is not always easy to use. I too am concerned about my device going dead just when I need to do a trade. I would have preferred a circuit card or USB device of some kind.

 

[Realist]

Don't get me wrong, adding an additional layer of security is a great idea, however doing so while adding a complexity for traders is a very dangerous issue. I would recommend using the approach that most of the online banking institutions are using now which is the virtual keyboard. Customers obtain a PIN via snail mail and register their PIN on the banks website which then allows them to create thier own unique PIN. When the customer goes to login to their account or make any online transactions, the customer must enter this PIN code by clicking the characters in with the mouse. After 3 failed attempts, the account gets locked down and then the customer must call to verify the account. To me this presents less hassle for the customer while adding an additional layer of security and protection for the firm involved.

 

[giggollo]

Quote from walterjennings:

I wonder if they had the same fears when deciding to make cars require unique keys to start. "what if they lose them?".

I don't think that's a fair comparison. If you lose a car key, you have much more time to get a spare key or go get someone to open the car for you etc. Trading is much more time critical. Depending on when you lose the device or when it malfunctions, you could have very little time to "manage your positions". I think this is a legitimate concern. I say this with full belief that IB will do everything it can to ensure that the devices work perfectly and with full hope and optimism that nobody will encounter loss or malfunction of their device.

 

[walterjennings]

Quote from Realist:

Don't get me wrong, adding an additional layer of security is a great idea, however doing so while adding a complexity for traders is a very dangerous issue. I would recommend using the approach that most of the online banking institutions are using now which is the virtual keyboard. Customers obtain a PIN via snail mail and register their PIN on the banks website which then allows them to create thier own unique PIN. When the customer goes to login to their account or make any online transactions, the customer must enter this PIN code by clicking the characters in with the mouse. After 3 failed attempts, the account gets locked down and then the customer must call to verify the account. To me this presents less hassle for the customer while adding an additional layer of security and protection for the firm involved.

mouse loggers and screenshot taking is just as easy as key logging.... i dont see how that provides any extra protection beyond the fact that most hackers only use keylogging ... currently.

 

[local_crusher]

Quote from walterjennings:

you would choose the chance of a hacker trojaning your machine, getting your login/pass and pumping and dumping your whole account over carrying around an RSA key generator with you and spending an extra 5 seconds entering a number after your password?

You have no idea. Not about my work, systems, neither about my own security measures.

 

[IB Salvatore]

The majority of customers will receive a device that cannot have power or software issues. This is not the appropriate place to discuss the details.

Traders who want more information should contact us through secure channels (Chat & Inquiry Tickets).

 

[walterjennings]

Quote from local_crusher:

You have no idea. Not about my work, systems, neither about my own security measures.

if you use 'software' or 'hardware'. and think you are 100% safe. you might find yourself mistaken one day. exploits are found in almost every system, every OS, lots of pieces of networking hardware etc. thats not to say an RSA key gen setup doesn't run the risk of its own cracks or exploits.

 

[giggollo]

1. What are the steps IB will take to deploy this for individual accounts? eg will they first contact the client? How? Phone? Email? or will they just send this device in the mail and simultaneously notify the customer and require entry of the new PIN on a certain date?

2. What if you live in a remote area or overseas where mail delivery of the device is not reliable?

3. What additional steps will IB take to ensure that *in case of* failure or loss of these devices, that customers can liquidate positions immediately and will not have to be "put on hold" in an emergency.

 

[IB Salvatore]

1. What are the steps IB will take to deploy this for individual accounts? eg will they first contact the client? How? Phone? Email? or will they just send this device in the mail and simultaneously notify the customer and require entry of the new PIN on a certain date?
Customers will be contacted and actively enroll themselves through Account Management.

2. What if you live in a remote area or overseas where mail delivery of the device is not reliable?
This is a massive project. ALL variables have been taken into consideration. Customer convenience was the primary objective of the release.

3. What additional steps will IB take to ensure that in case of failure or loss of these devices, that customers can liquidate positions and will not have to be "put on hold" in an emergency.
We will beef up our phone support prior to the release. Customers will not lose control of their assets when they lose the device.