IBKR has a feedback function. You can submit a suggestion and then you can vote. We can submit a proposal and everyone votes for it. we could also collect ideas first and then someone makes the suggestion. Maybe that will help.
If you go to “Feedback”–> “All suggestions” and search for “2FA”, you will already find entries.
have you reinstalled the app? you can then connect the app to a different number. theoretically.
I actually see the app as extra vulnerability. Since the overall security is as good as SMS security, I don’t use the app.
In the IBKR Mobile App, when I press on two factors registration, the selection of the number appears after entering the account data. However, this is not a new device, but the device I used before. So the app probably recognizes the connection.
Then it doesn’t work with new devices 
In addition if there is a hack it will be necessary to (try and) deal with IBKR support in a call centre somewhere in US or India
…until their lawyers turn it against against you that you’re using a phone whose software isn’t up to date - and possibly can‘t be updated cause there’s no updates provide by the manufacturer 
I suspect they would implement it in a way that it could be reinitialized via SMS as well, so it wouldn’t be such a big improvement as I see it.
Allowing users to lower the daily / weekly withdrawal limits might be a good improvement to reduce the impact in the worst case. And increasing the limits should only take effect after a delay of at least a week, of course (and there should be at least an email notification).
I agree with that. At least:
Double verification (with mail and app)
Possibility to limit the payout (double verification also necessary)
Whitelist for payout accounts (double verification also necessary)
Double verification for payouts
I would like to come back to the naman.1 issue…
For me (my intuition), it was quite obvious that the account was fake. The question is what would be the motivation behind?
Idea 1: try to scam people on this forum… but how? this makes no sense to me.
Idea 2: bad press for IBKR / rumours of bad management… but why? This makes no sense other than this guy works for real competitors of IBKR.
Idea 3: a bored troll 
Well , I am in India currently for personal work. Check my linkedin profile if any questions.
No one has reached out yet to me on linkden to ask . People who are quizzing can reach out directly
Nopes. If sim attack was there how multiple cutomers were impacted.
Ibkr dont have answers right now. I have started investigation with legal authorities . They will investigate now.
Be mindful of your words. If you have any questions whyndont you talk to me on linkedin.
Also, for authenticity check my post on linkedin
To proove its authentic case. Multiple emails are going with Ibkr from 4 months.
Reach out to me on linkden or my email
If anyone has questions feel free to reach out on my linkedin and email.
Happy to answer. Well, i cant share more details on this platform.
I am a bit late to the party, but I also came to the conclusion that naman.1’s account was fake and trolling the forum. I suspended his account. In the mean time, I also hid the “less civil” messages on the thread.
I have gotten the same impression. His english in the comments was very bad compared to the linkedin post. Also the repeated copypaste requests to contact him on linkedin sounded very fishy.
Can we have a wish list for IBKR / IBIE?
As number one I would ask them to change ToS and state that in case of no gross negligence on the client’s part, IBKR will reimburse any losses due to a hack. They’ll have to specify what the client must do to secure account, and beyond that any losses should be covered by them, as Vanguard does. I can imagine that this would be an extra cost for them, so it may be implemented using a subscription for insurance, or a small AUM fee, that would be OK.
We are retail, I don’t want to be a security expert. Moreover, in case of IT systems if something bad happens, you may not even know what happened and how, you’d only see the result. And if the onus of proof is with you, that’s not good.
Second, it would help if:
Follow up on that:
The lady tried to call me back yesterday, but already headed to the last meeting. I called Saxo this morgning again and luckily got directly connected with her:
She got a “theoretical yes” from three different internal departments, regarding US ETF transfer to Saxo, but I will need to have a final confirmation (they know, that I am not a professional trader).
Therefore, I think, I will open an account with them; saw online a nice referral code which unlocks the “e-Steuerauszug” - for free. At many banks there is a hefty fee for such a statement.
Nice add-on, but not necessary, if I only have one or two positions…
By the way, finpension will lauch soon their own securities account. I am very looking forward, how their offering looks like…
I would like:
I think the whole thread here is unclear about one single important point: the fact that withdrawal is only possible towards accounts in your name, right?
The above request is basically to be able to hardcode also a list of IBANs to make this even more secure.
But again, the real fishy thing of this thread is how could it technically be that someone was able to withdraw money from IB to an account that is NOT in your name? Or are we saying the scammers managed to open a bank account in name of the scammed person while still being in control of it without problems? I would expect this close to impossible… maybe what happened is simply that scammers get control of both IB account AND your normal bank account, withdrawing the money from that one then… which is well… a rather big fraud while sadly realistic…
