Thanks for the answers.
So, it's a card (credit card type I supose) ??!! I've seen images of a kind of a calculator machine (hardware stuff) that can be seen
here.
Well if it's a card it's not so bad, my homebanking use the same technique, the only diference is that I only need it to make payments, wire transactions, etc, but on TWS since everything can "hurt" your money it makes sense that it should be asked right on the login process.
Better enable it than regret in the future not have done so.
TOPIC = Secure Transaction Program
As the architect of IB security, I am in no doubts that everybody should have some kind of security system for any sensitive access. It isn't just about phishing attacks; it is about a pool of very, very smart and focussed computer experts using mass spectrum data harvesting techniques to gather information that passes through compromised networks. A computer security firm did a 24 hour simulation and gathered something like 14000 login IDs in a 24 hour period. Many of these were not sensitive (for example logins to email, or news sites) but still it is something to consider.
Unless you are as expert, and as focussed as these people are, they will have the advantage. For now, there are enough naive people in the world who think internet computing is safe enough, or worse do not even understand how not-safe it is. Lots of low-hanging fruit (read "possible victims") for the hackers. Wireless hotspots, internet cafes, hotels, a myriad of other networks are all sources of exposure. Anywhere that someone else can see your data traffic even if ostensibly to pass it on.
SSL does not protect you (look up man-in-the-middle attacks on Google). The only true security is a physical device not readable from the computer (no UBS dongles). Even here, there are varying degrees of protection. Your goal should be to at least make sure you are not the low hanging fruit. Full security is inherently inconvenient. No lock on your house front door makes entry/exit easy. Putting 5 locks and alarms makes it more secure and also less convenient.
IB offers 3 levels: the card that has been described on the thread is the lowest form of security but it is a huge step up from having nothing. However, if you go to Thailand and leave the card in your room and someone takes a picture of it, and is running a snooper on the hotel internet to get your userID and password, there is no longer any security. We also offer 2 more sophisticated systems. By default, we offer the more complex systems to accounts with higher balances. It is beyond the scope of this post to explain all the fine points. You can just search for STP on our home page search to find a full writeup.
IB has built a very secure data environment. Our banking is in many ways awkward because of the various checks and controls we have in place to prevent theft or fraud. But ultimately, users must participate in a security program for it to work. The last time I checked (and admittedly my search was not exhaustive), there was never a documented case where a hacker broker through these systems unless they actually gained physical access to the security device (family members stealing the device, for example). But the thrid party hackers seem to be held at bay.
Subscribing to the STP program is the best way to secure your own assets. It is easy to do: simply go into Account Management and find the link in the left side menu to request a device.
