IbcAlpha / IBC

Automation of Interactive Brokers TWS. You can download the latest release here: https://github.com/ibcalpha/ibc/releases/latest
GNU General Public License v3.0

Support Two Factor login with TOTP #263

Open perriea opened 3 months ago

perriea commented 3 months ago

Hi !

Is Two Factor login with TOTP supported? If not, will this be the case in the future?

Thanks !

rlktradewright commented 3 months ago

Well, it depends what you mean.

If you have activated your authenticator app to work with TWS/Gateway, 2FA with TOTP should work fine. Note that if you have configured more than one 2FA method (e.g. both TOTP and IBKR Mobile) then you will have to use the SecondFactorDevice setting in config.ini to specify which one to use. You should then be presented with the correct dialog to enter the one-time code, which you have to enter manually.

But if you were hoping that the one-time code could be entered automatically by IBC, there is absolutely no possibility of this ever happening.

perriea commented 3 months ago

Thank you for your answer Richard! Yes, it's for an automatic case... I have many accounts now (companies, personal...) and it's risky to have all the IBKR keys on my cell phone... If anyone has the same case and advice! :)

apisarev commented 2 months ago

@rlktradewright This is possible now. For some or all new users, IBKR allows them to set up the new "Mobile Authenticator" 2FA method, which doesn't require using the IBKR mobile app. During the 2FA setup, you can get a secret key that allows you to generate the TOTP code yourself. Here is an example of a TOTP code generator from the secret key. https://totp.danhersam.com/

In IB Gateway and TWS, an additional screen can be detected and passed by with TOTP code generation. Meaning the login process could be fully automated.


rlktradewright commented 2 months ago

Sorry, no chance.

If the login is fully automated, by which I presume you mean that IBC would generate the OTP itself and enter it directly into the TWS/Gateway dialog, then 2FA is actually not providing any additional security at all.

So someone with access to the computer would need to know neither the password nor the OTP (if IBC is in use).

That sounds completely unacceptable to me.
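
Added example (not part of the thread and not IBC code): a minimal RFC 6238 TOTP generator and verifier, showing that a code is a pure function of the shared secret and the clock, so a verifier cannot tell a phone from any process on the host that can read a stored secret. The function names are hypothetical and the secret is the published RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

# Published RFC 6238 test secret ("12345678901234567890"), base32-encoded.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _decode(secret_b32: str) -> bytes:
    """Decode a base32 secret, tolerating missing padding and lower case."""
    cleaned = secret_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(_decode(secret_b32), unix_time // step, digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Verifier side: accept the current step and +/- `window` steps of drift.

    Nothing here identifies the device that produced the code; holding the
    secret is the only thing being proven.
    """
    secret = _decode(secret_b32)
    current = unix_time // step
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(hotp(secret, counter), submitted)
    return ok


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print(code, verify(RFC_TEST_SECRET, code, 89), verify(RFC_TEST_SECRET, code, 149))
```
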