Activating a Mobile Authenticator App

Instructions
Popular Mobile Authenticator apps

The majority of the Mobile Authenticator apps is primarily installed or designed for mobile devices, such as smartphones. We will guide you below, through some basic operations in situations where the app is installed on a smartphone. Here is a list of commercial and free for use apps, some of which can as well be installed on desktop machines.

  1. Microsoft Authenticator

  2. Google Authenticator

  3. Authy

  4. 1Password

  5. KeePassXC

  6. Yubico Authenticator

If you are not yet using an Authenticator app, we recommend to choose one that has a cloud sync and recovery mechanism, such as example apps 1-4 above.

Adding your IBKR login to your Mobile Authenticator app

Best practices

  1. Enable the screen lock protection for the Mobile Authenticator app.

    This function controls the access to the app through Fingerprint / FaceID check. We strongly recommend you to protect your TOTP codes behind this additional layer of security.

    • On Google Authenticator the function can be enabled from the app Settings → Privacy Screen.

      The Google authenticator privacy screen

    • On Microsoft Authenticator the function can be enabled from the app Settings → iCloud Backup.

      The Microsoft Authenticator app lock button

    • You can probably find the Screen Lock functions of Password Manager among the main app Settings or under the sub-category "Security".

      The generic password manager screen lock functions

  2. Backup your Mobile Authenticator app configuration in the cloud.

    Several Mobile Authenticator apps offer the possibility to backup their configuration in the cloud. If, for some reason, the app became unusable or you inadvertently deleted it and you had to reinstall it, you can immediately restore its configuration without the need to call our Client Services.

    Note: On Microsoft Authenticator, the backup function requires you to log in with a Microsoft Account. On Google Authenticator, an iCloud account on iOS or a Google Account on Android is required.

    • On Google Authenticator, the function can be enabled from the cloud icon on the toolbar.

      The Google Authenticator cloud backup button.

    • On Microsoft Authenticator the function can be enabled from the app Settings → iCloud Backup.

      The Microsoft Authenticator cloud backup button.

    • If your Password Manager app offers Backup or Sync functions, you can probably find them among the main app Settings or under the sub-category "Backup" or "Sync".

      The password manager app cloud backup

FAQ

  1. Can I use the Mobile Authenticator along with other security devices?

    Yes. We support M2FA (Multiple 2-Factor Authentication) for the Mobile Authenticator. Upon login to IBKR, you will be able to select which 2FA method to use from a drop-down menu.

  2. I have multiple usernames. Can I activate them on the same Mobile Authenticator app?

    Yes, absolutely. You can repeat the exact same activation procedure for all your usernames, in order to create multiple entries under your Mobile Authenticator app (one entry for each username).

    Alternatively, you can use different Mobile Authenticator apps for different users or groups of users, but we do not regard this as an optimal or practical solution, as it is very easy to forget or confuse this set-up.

  3. Can I use multiple Mobile Authenticator apps to generate codes for the same user?

    In general it is not possible to have multiple Mobile Authenticator apps generating valid codes at the same time for a given user. Every time you activate a user, a new QR code (and hence a new secret key) is generated and the last key will override all the previous ones. Therefore, only the last Mobile Authenticator app that you have activated, will generate valid codes for that user. The other apps will generate invalid codes, which will be rejected upon login.

    There are few Password Manager and Mobile Authenticator apps (like 1Password, Authy) which can sync the codes across devices (through the creation of an account on their platform). In this way, they allow multiple devices to display valid codes.

  4. I am planning to buy a new mobile device. How can I transfer the settings of my current Mobile Authenticator app to the new device?

    You have several solutions. We list them below, starting from the less time consuming:

    • Enable the Backup/Sync option for your Mobile Authenticator app (see point 2 in Best Practices) on your current phone or tablet. Once you have received your new device, you will be able to restore your app configuration directly from the cloud, within seconds. With this option, you would not need to have both devices simultaneously at hand.

    • Only for Google Authenticator: use the "Transfer Accounts" function from the main app menu (sandwich icon on the top left corner) and you will be able to copy the entries on your new phone. In order to use this option, you need to have both devices simultaneously at hand.

    • Start from scratch on the new device and scan again the QR code from your Portal to re-activate your user. With this option, you do not need to have the old device at hand but you need to have access to your Portal or contact our Client Services to obtain a temporary access. The entire operation could be time consuming, especially if you have multiple usernames to re-activate.

  5. I removed my username entry from the Mobile Authenticator app but I am still prompted to enter the code upon log in to IBKR. What should I do?

    By design, removing the code generator entry from your Mobile Authenticator app does not simultaneously disable this 2FA method on the IBKR back-end systems. For this reason, our platforms will still prompt you to enter the Mobile Authenticator codes upon login, although you can no longer generate those codes on your app.

    Should you be unable to restore the entry on your Mobile Authenticator app using instructions at point 4 of Common issues and solutions, please Contact our Client Services on the phone to receive assistance.

  6. Can I activate the Mobile Authenticator without installing a third party app on my smartphone?

    Yes, if your built-in password manager supports TOTP, you can use that instead of a third party app - this works on Apple iPhone and Samsung Phones.

    • If you have an iPhone running iOS 15 or above, you can scan the Mobile Authentication QR code directly from your Camera app and the iOS will ask you whether you want to add the code generator to an item already present in your built-in Password vault (Passwords & Keychain) . If your IBKR credentials are already saved there, select that item to activate the code generator. If your IBKR credentials are not yet saved, you can save them now and repeat the procedure.

    • On Android one built-in Password manager with TOTP support, which can be used as an IBKR Mobile Authentication app client is Samsung Pass.

       

FAQ - Issues & Solutions

  1. When I try to scan the QR code, the camera does not activate.

    • On iOS devices, in the Global Settings of your device, locate your Mobile Authenticator app settings. There, make sure the switch to allow access to "Camera" is activated.

      The Mobile Authenticator app activate camera button on iOS

    • On Android devices, you can access that switch from the Global Settings of your device → Apps & Notifications → your Mobile Authenticator app → Permissions.

      The Mobile Authenticator activate camera on Android.

      Should you still be unable to use the camera to scan the QR code, please enter manually the strings displayed below the QR code instead.

  2. The Codes generated by my Mobile Authenticator app are not accepted for the Activation.

    Please make sure that the entire operation of entering the codes in the activation screen does not exceed the code validity time window (30 seconds). Also, you should not use a code which is already about to expire but wait for a fresh one. If the code is nevertheless rejected, please check that your device internal clock is correct and automatically synced with the current time, as follows:

    • On iOS devices, you can enable this function from the Global Settings > General > Date & Time. Please make sure the switch "Set Automatically" is active and that the correct Time Zone is selected.

      The Mobile Authenticator date & time settings iOS

    • On Android devices you can enable this function from the Global Settings > System > Advanced > Date & Time. Please make sure the switch "Automatic Date & Time" is active and that the correct Time Zone is selected.

      The Mobile Authenticator date & time settings on Android.

      Note: Only on the Google Authenticator app for Android, you would need as well to use the function "Sync Now", present within the app Settings → Time Correction for codes.

       

      The Mobile Authenticator time synch

  3. I activated a new Mobile Authenticator app for my user and now the codes generated by the old one are rejected.

    This is expected and by design. It is not possible to have multiple Mobile Authenticator apps generating valid codes at the same time for a given user. Only the last Mobile Authenticator app that you have activated will generate valid codes.

  4. I had to reinstall my Mobile Authenticator app but I lost the entry I previously created.

    • If you previously enabled the Backup/Sync option (see point 2 in Best Practices) you can now restore the app configuration from the cloud. In the app main Settings or under the sub-category "Backup" or "Sync" you should find the Restore function.

    • If the Backup/Sync option was not active, you would need to manually re-create the entry for your username by scanning again the QR code from your Portal.

    • If the Mobile Authenticator was your only active 2FA method and you can not log in to your Portal, please contact our Client Services on the phone in order to obtain a temporary access.

 

Additional Resources

Learn About Two Factor Authentication for iPhone at IBKR Campus

Learn About Two Factor Authentication for Android at IBKR Campus

Visit the Mobile Trading Website