IB security token Batteries

Quote from sellingrich:

I can't read it in the dark.

I had the same trouble with my bicycle combo lock, wound up walking home in the middle of the night.. better than getting hit by a car while on the bicycle probably, on foot you can do that last minute dodge thing and have a fighting chance at least...
 
Quote from JackR:
So basically the card method allows IB to send you 50,176 different challenges. Your card has a unique set of responses on it. If the number series on the reverse side of the card were numbered 225 - 448 then the number of unique challenges could go to 100,352. Each card is unique and is tied to a specific account. Thus, a challenge to you of 111 111 could produce a response of F39 H22. The response from another card might be 9A3 2CF.

The electronic token can handle 100 million different challenges (IB sends an eight-digit challenge). The token is much more secure.
The only risk for both methods is to lose the card/device. It can be that there are "only" 50.000 challenges with the passcode card, but you also have to know these challenges.

And each token is also unique and tied to a specific account. So in practice, security is equal.
 
The token has a PIN required to activate it properly. Enter the wrong PIN and it still activates but it produces the wrong replies.

Lose the passcard (or just have it copied unknown to you) and the security it provides is gone.

From a protection standpoint I like the 100,000,000 challenge/reply pairs as opposed to 50,000.

Jack
 
I think it depends on how paranoid a view you take of "the threat". The TWS connects (if so selected) over the internet using the secure socket layer. This immensely reduces the chance of your being attacked by a non-government entity using the "man-in-the-middle" technique. So, as you state, I agree that phishing is the main threat.

However, if you trade from an insecure location where someone can get at your machine, the new security scheme eliminates the ability of someone using one of the auto-login programs available for TWS to log in in your absence. It also eliminates "key capture" techniques and plain old watching you log in and learning your password.

If you trade from a "secure" location like your home it prevents the same thing from happening if your spouse/in-law/children/visitor uses the auto-login. This assumes that you do not leave the passcard on the computer stand. The electronic token still requires your PIN so it could be left there with some feeling of security.


Jack
 
Quote from JackR:

The token has a PIN required to activate it properly. Enter the wrong PIN and it still activates but it produces the wrong replies.

Lose the passcard (or just have it copied unknown to you) and the security it provides is gone.

From a protection standpoint I like the 100,000,000 challenge/reply pairs as opposed to 50,000.

Jack

Actually, they are equal for the following reason.

I have been told by Tech Support...
That after 4 failures your account is LOCKED for 2 hours...

Which is a truly INSANE policy if true.

Since brute force attempts...
Would require thousands of tries for the card...
And millions for the Security Device...
What idiot chose the small number 4...
At which point a trader is locked out of his account.

For example...
The Security Device could not possibly be used by anyone...
With eyesight problems, tremor in their hands, a migraine headache, any number of medical conditions.

These devices DISCRIMINATE against handicapped people...
And unless an alternative is readily provided...
Would be ILLEGAL under Canadian law.

IB has no right whatsoever to lock the Customer out of his account...
For such ill-conceived, arbitrary reasons.
 
Q+:

What number of tries would you consider reasonable prior to the temporary lock-out?

How many tries for the card and how many for the token?

Did your customer service contact indicate whether an email would be sent advising the customer of the lock-out and the possibility that their account was under attack?

I guess in Canada IB could issue the less secure card to provide for the handicapped, if so requested/required by law.



Jack
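Added example, not part of any post in this thread and not IB's code: a server-side sketch of the card scheme as JackR describes it (224 numbered entries, a challenge made of two indices, so 224 × 224 = 50,176 challenges) combined with the lockout Q+ reports being told about (4 failures, 2 hours). The three-character code alphabet, the card layout and the names `make_card`, `CardVerifier` and `guesses_per_day` are assumptions made for illustration.

```python
import hmac
import secrets

CARD_SIZE = 224             # entries per card; 224 * 224 = 50,176 index pairs
MAX_FAILURES = 4            # lockout threshold reported in the thread
LOCKOUT_SECONDS = 2 * 3600  # lockout duration reported in the thread
ALPHABET = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ"  # constructed code alphabet

def make_card(rng=secrets.SystemRandom()):
    """Build a constructed card: index 1..224 -> random 3-character code."""
    return {i: "".join(rng.choice(ALPHABET) for _ in range(3))
            for i in range(1, CARD_SIZE + 1)}

class CardVerifier:
    """Server side: issues index-pair challenges and enforces the lockout."""

    def __init__(self, card):
        self.card = card
        self.failures = 0
        self.locked_until = 0.0
        self.pending = None

    def challenge(self, now):
        if now < self.locked_until:
            return None                      # account is locked, no challenge
        self.pending = (secrets.randbelow(CARD_SIZE) + 1,
                        secrets.randbelow(CARD_SIZE) + 1)
        return self.pending

    def verify(self, response, now):
        if now < self.locked_until or self.pending is None:
            return False
        a, b = self.pending
        self.pending = None                  # each challenge is single use
        expected = f"{self.card[a]} {self.card[b]}"
        if hmac.compare_digest(expected.encode(), response.upper().encode()):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:    # 4th consecutive miss locks the account
            self.locked_until = now + LOCKOUT_SECONDS
            self.failures = 0
        return False

def guesses_per_day():
    """Wrong answers the lockout admits per 24 hours (4 per 2-hour window)."""
    return MAX_FAILURES * (24 * 3600 // LOCKOUT_SECONDS)
```

The lockout caps wrong answers at 48 per day whichever method is in use, which is the rate limit both the card and the token sit behind in this discussion.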
 