Activating a Mobile Authenticator App

Instructions

Popular Mobile Authenticator apps

The majority of the Mobile Authenticator apps is primarily installed or designed for mobile devices, such as smartphones. We will guide you below, through some basic operations in situations where the app is installed on a smartphone. Here is a list of commercial and free for use apps, some of which can as well be installed on desktop machines.

1. Microsoft Authenticator

2. Google Authenticator

3. Tencent Authenticator

4. Authy

5. 1Password

6. KeePassXC

7. Yubico Authenticator

If you are not yet using an Authenticator app, we recommend to choose one that has a cloud sync and recovery mechanism, such as example apps 1-4 above.

Adding your IBKR login to your Mobile Authenticator app

• Instructions for Microsoft Authenticator

  1. If Microsoft Authenticator is already installed on your device, please jump directly to step 4, otherwise proceed with the next step.

  2. Open the default App Store for your device (AppStore for Apple iOS and Google Play Store for Android).

  3. Type "Microsoft Authenticator" in the search box and tap the button "GET" (on Apple iOS) or "Install" (on Android) to install the app.

     

     

  4. Tap on the icon to launch the app (or tap the button "Open" if you have installed the app right now).

     

  5. Acknowledge the disclaimers (if any). Should you have a Microsoft Account, you can tap the button "Sign in with Microsoft" and log in with that account.

     • If you do not want to use a Microsoft account, tap "Skip" on the top right corner of the screen.

       Note: Using the app without a Microsoft account means that you can not back up the login to the cloud.

        

       

  6. Tap on the "+" icon on the top right corner to add an account.

     

  7. Select "Other (Google, Facebook, etc.)"

     

  8. Frame with the camera the QR code shown in your IBKR Portal. The app may ask for the permission to access the camera. If that is the case, answer "Allow".

     Note: In case you can not use the device's camera, tap the button "Or enter code manually" and type the string displayed below the QR code.

      

     

  9. Your Interactive Brokers account will be added to the list. For the specific username you activated, the app will generate a new code every 30 seconds.

     

  10. Enter the current code in the field "Mobile Authenticator App Code" shown in your Portal (within the QR widget). Tap Activate to complete the process.

      Note: If the code validity countdown (the value in the small circle, next to the code) shows only few seconds remaining, please wait for a fresh code to appear.

       

      

  11. Starting from your next login, once your IBKR credentials have been accepted, you will be prompted to enter the current One-Time Password Code, as displayed by the Microsoft Authenticator app.

      Note: Please check the section Best Practices for additional recommendations

• Instructions for Google Authenticator

  1. If Google Authenticator is already installed on your device, please jump directly to step 4. otherwise proceed with the next step.

  2. Open the default App Store for your device (AppStore for Apple iOS and Google Play Store for Android).

  3. Type "Google Authenticator" in the search box and tap the button "GET" (on Apple iOS) or "Install" (on Android) to install the app.

     

     

  4. Tap the icon to launch the app (or tap the button "Open" if you have installed the app right now).

     

  5. Acknowledge the disclaimers (if any). Should you have a Google Account, you can tap the button "Continue As ..." and log in with that account.

     • If you do not want to use a Google account, tap "Skip" on the top right corner of the screen.

       Note: Using the app without a Google account means that you can not back up the login to the cloud.

     

     

  6. Tap on the "+" icon on the bottom right corner and select "Scan a QR Code". The app may ask for the permission to access the camera. If that is the case, answer "Allow".

     Note: In case you can not use the device's camera, you can select the button "Enter a setup key", manually enter the string displayed below the QR code and jump directly to point 8.

      

     

  7. Frame with the camera the QR code shown in your IBKR Portal.

     

  8. Your Interactive Brokers account will be added to the list. For the specific username you activated, the app will generate a new code every 30 seconds.

     

  9. Enter the current code in the field "Mobile Authenticator App Code" shown in your Portal (within the QR widget) and tap Activate in order to confirm the activation.

     Note: If the code validity countdown (the small circle, next to the code) is blinking red and shows only few seconds remaining, please wait for a fresh code to appear.

      

     

  10. Starting from your next login, once your IBKR credentials have been accepted, you will be prompted to enter the current One-Time Password Code, as displayed by the Google Authenticator app.

      Note: Please check the section Best Practices for additional recommendations

• Instructions for Tencent Mobile Authenticator
  

  激活騰訊身份驗證器：

  如何下載：（iOS和安卓的連結相同，因爲其會檢測操作系統）

  騰訊身份驗證器： https://sj.qq.com/appdetail/com.tencent.authenticator

  將您的IBKR登錄資訊添加到您的移動身份驗證應用程式（安卓和iOS的添加方式相似）：

  騰訊身份驗證器使用說明：

  1. 點選圖標打開應用程式（或者，如果您是剛剛安裝了應用程式，則點擊「打開」按鈕）

     

  2. 如要激活，請選擇「二維碼激活」選項

     

  3. 用手機照相機拍攝您的 IBKR網頁端中顯示的二維碼。應用程式可能會詢問您是否允許其使用照相機權限。如果是這樣，請點擊「允許」。

     注意：如果您無法使用設備的照相機，請點選「或手動輸入代碼」按鈕，然後輸入二維碼下方顯示的字串。

     

  4. 您的盈透證券賬戶將會被加入列表。針對您激活的特定用戶名，應用程式將每 30 秒生成一個新驗證碼。

     

  5. 在您網頁端中（二維碼小組件內）的「移動驗證應用程式驗證碼」欄輸入當前的驗證碼。點擊激活來完成程序。

     

  6. 從下次登錄開始，只要您的IBKR登錄資訊被接受，系統便會提示您輸入騰訊身份驗證器中顯示的一次性驗證碼。

  激活腾讯身份验证器：

  如何下载：（iOS和安卓链接相同，因为其会检测操作系统））

  腾讯身份验证器： https://sj.qq.com/appdetail/com.tencent.authenticator

  将您的IBKR登录信息添加到您的移动身份验证应用程序（安卓和iOS的添加方式类似）：

  腾讯身份验证器使用说明：

  1. 点击图标打开应用程序（或者，如果您是刚刚安装了应用，则点击“打开”按钮）

     

  2. 要进行激活，请选择“二维码激活”选项

     

  3. 用手机摄像头拍摄您的 IBKR网页端中显示的二维码。应用程序可能会询问您是否允许其使用摄像头权限。如果是这样，请点击“允许”。

     注意：如果您无法使用设备的摄像头，请点击“或手动输入代码”按钮，然后输入二维码下方显示的字符串。

     

  4. 您的盈透证券账户将被添加到列表中。针对您激活的特定用户名，应用程序将每 30 秒生成一个新代码。

     

  5. 在您网页端中（二维码小组件内）的“移动验证应用程序代码”字段输入当前的代码。点击激活来完成程序。

     

  6. 从下次登录开始，只要您的IBKR登录信息被接受，系统便会提示您输入腾讯身份验证器中显示的一次性代码。

   

  Activating a Tencent Mobile Authenticator App:

  • How to download the app: (Link is same for both iOS and Android as it detects the OS)

  • Tencent Mobile Authenticator App: https://sj.qq.com/appdetail/com.tencent.authenticator

  Adding your IBKR login to your Mobile Authenticator app (Similar for Android and iOS):

  Instructions for Tencent Mobile Authenticator app:

  1. If Tencent Mobile Authenticator is already installed on your device, please jump directly to step 4. otherwise proceed with the next step.

  2. Tap on the icon to launch the app (or tap the button "Open" if you have installed the app right now)

     

  3. For activation, Select the option “Scan Barcode”

     

  4. Frame with the camera the QR code shown in your IBKR Portal. The app may ask for the permission to access the camera. If that is the case, answer "Allow".

     Note: In case you cannot use the device's camera, tap the button "Or enter code manually" and type the string displayed below the QR code.

     

  5. Your Interactive Brokers account will be added to the list. For the specific username you activated, the app will generate a new code every 30 seconds.

     

  6. Enter the current code in the field "Mobile Authenticator App Code" shown in your Portal (within the QR widget). Tap Activate to complete the process.

     

  7. Starting from your next login, once your IBKR credentials have been accepted, you will be prompted to enter the current One-Time Password Code, as displayed by the Tencent Authenticator app.

• How to activate Tencent Authenticator from WeChat

  如何通过微信激活腾讯身份验证器

  1. 点击微信搜索框

     

  2. 输入“腾讯身份验证器”，然后按搜索

     

  3. 在搜索结果里，点击小程序里的“腾讯身份验证器”

     

  4. 点击“二维码激活”

     

  5. 扫描客户端里的二维码

     

  6. 扫描后腾讯身份验证器会显示一个6位的响应码

     

  7. 把响应码输入到二维码下的方框并按“激活”按钮

     

  如何通過微信啟動騰訊身份驗證器

  1. 點擊微信搜索框

     

  2. 輸入“騰訊身份驗證器”，然後按搜索

     

  3. 在搜索結果裏，點擊小程序裏的“騰訊身份驗證器”

     

  4. 點擊“二維碼激活”

     

  5. 掃描客戶端裏的二維碼

     

  6. 掃描後騰訊身份驗證器會顯示一個6位的響應碼

     

  7. 把響應碼輸入到二維碼下的方框並按“激活”按鈕

     

  1. Tap the Search box in WeChat

     

  2. Enter Tencent Authenticator and then tap Search

     

  3. Tap Tencent Authenticator in WeChat Mini Programs in the search results

     

  4. Tap Scan QR Code

     

  5. Scan the QR Code in Client Portal

     

  6. After scanning the QR code, Tencent Authenticator will generate a 6-digit response string

     

  7. Enter the response string into the box under the QR code and then hit Activate

     

• Instructions for a generic Password Manager (it needs to supports TOTP)

  1. Launch your favorite Password Manager application.

  2. If you have previously saved your IBKR Credentials in your Password Manager, certainly there will be an entry for your username. You can search for it. If an entry is not yet present, you can create it right now using your IBKR credentials as parameters.

     

  3. Edit the entry for your IBKR username.

     

  4. If your Password Manager supports TOTP, you should see a line called "One-Time Password" or similarly. On that line, tap on the small QR icon to activate your device camera.

     

  5. Frame with the camera the QR code shown in your Portal.

     

  6. Save the changes. For the specific username you activated, the app will generate a new code every 30 seconds.

     

  7. Enter the current code in the field "Mobile Authenticator App Code" shown in your Portal (within the QR widget) in order to confirm the activation.

     Note: If the code validity countdown (the value in the small circle, next to the code) is red and shows only few seconds remaining, please wait for a fresh code to appear.

      

     

  8. Starting from your next login, once your IBKR credentials have been accepted, you will be prompted to enter the current One-Time Password Code, as displayed by your favorite Password Manager application.

     Note: If your Password Manager includes a "Favorites" page, we recommend you to add your entry there, too. This will allow you to access it quickly. Please check the section Best Practices for additional recommendations.

      

     

Best practices

1. Enable the screen lock protection for the Mobile Authenticator app.

   This function controls the access to the app through Fingerprint / FaceID check. We strongly recommend you to protect your TOTP codes behind this additional layer of security.

   • On Google Authenticator the function can be enabled from the app Settings → Privacy Screen.

     

   • On Microsoft Authenticator the function can be enabled from the app Settings → iCloud Backup.

     

   • You can probably find the Screen Lock functions of Password Manager among the main app Settings or under the sub-category "Security".

     

2. Backup your Mobile Authenticator app configuration in the cloud.

   Several Mobile Authenticator apps offer the possibility to backup their configuration in the cloud. If, for some reason, the app became unusable or you inadvertently deleted it and you had to reinstall it, you can immediately restore its configuration without the need to call our Client Services.

   Note: On Microsoft Authenticator, the backup function requires you to log in with a Microsoft Account. On Google Authenticator, an iCloud account on iOS or a Google Account on Android is required.

   • On Google Authenticator, the function can be enabled from the cloud icon on the toolbar.

     

   • On Microsoft Authenticator the function can be enabled from the app Settings → iCloud Backup.

     

   • If your Password Manager app offers Backup or Sync functions, you can probably find them among the main app Settings or under the sub-category "Backup" or "Sync".

     

FAQ

1. Can I use the Mobile Authenticator along with other security devices?

   Yes. We support M2FA (Multiple 2-Factor Authentication) for the Mobile Authenticator. Upon login to IBKR, you will be able to select which 2FA method to use from a drop-down menu.

2. I have multiple usernames. Can I activate them on the same Mobile Authenticator app?

   Yes, absolutely. You can repeat the exact same activation procedure for all your usernames, in order to create multiple entries under your Mobile Authenticator app (one entry for each username).

   Alternatively, you can use different Mobile Authenticator apps for different users or groups of users, but we do not regard this as an optimal or practical solution, as it is very easy to forget or confuse this set-up.

3. Can I use multiple Mobile Authenticator apps to generate codes for the same user?

   In general it is not possible to have multiple Mobile Authenticator apps generating valid codes at the same time for a given user. Every time you activate a user, a new QR code (and hence a new secret key) is generated and the last key will override all the previous ones. Therefore, only the last Mobile Authenticator app that you have activated, will generate valid codes for that user. The other apps will generate invalid codes, which will be rejected upon login.

   There are few Password Manager and Mobile Authenticator apps (like 1Password, Authy) which can sync the codes across devices (through the creation of an account on their platform). In this way, they allow multiple devices to display valid codes.

4. I am planning to buy a new mobile device. How can I transfer the settings of my current Mobile Authenticator app to the new device?

   You have several solutions. We list them below, starting from the less time consuming:

   • Enable the Backup/Sync option for your Mobile Authenticator app (see point 2 in Best Practices) on your current phone or tablet. Once you have received your new device, you will be able to restore your app configuration directly from the cloud, within seconds. With this option, you would not need to have both devices simultaneously at hand.

   • Only for Google Authenticator: use the "Transfer Accounts" function from the main app menu (sandwich icon on the top left corner) and you will be able to copy the entries on your new phone. In order to use this option, you need to have both devices simultaneously at hand.

   • Start from scratch on the new device and scan again the QR code from your Portal to re-activate your user. With this option, you do not need to have the old device at hand but you need to have access to your Portal or contact our Client Services to obtain a temporary access. The entire operation could be time consuming, especially if you have multiple usernames to re-activate.

5. I removed my username entry from the Mobile Authenticator app but I am still prompted to enter the code upon log in to IBKR. What should I do?

   By design, removing the code generator entry from your Mobile Authenticator app does not simultaneously disable this 2FA method on the IBKR back-end systems. For this reason, our platforms will still prompt you to enter the Mobile Authenticator codes upon login, although you can no longer generate those codes on your app.

   Should you be unable to restore the entry on your Mobile Authenticator app using instructions at point 4 of Common issues and solutions, please Contact our Client Services on the phone to receive assistance.

6. Can I activate the Mobile Authenticator without installing a third party app on my smartphone?

   Yes, if your built-in password manager supports TOTP, you can use that instead of a third party app - this works on Apple iPhone and Samsung Phones.

   • If you have an iPhone running iOS 15 or above, you can scan the Mobile Authentication QR code directly from your Camera app and the iOS will ask you whether you want to add the code generator to an item already present in your built-in Password vault (Passwords & Keychain) . If your IBKR credentials are already saved there, select that item to activate the code generator. If your IBKR credentials are not yet saved, you can save them now and repeat the procedure.

   • On Android one built-in Password manager with TOTP support, which can be used as an IBKR Mobile Authentication app client is Samsung Pass.

      

FAQ - Issues & Solutions

1. When I try to scan the QR code, the camera does not activate.

   • On iOS devices, in the Global Settings of your device, locate your Mobile Authenticator app settings. There, make sure the switch to allow access to "Camera" is activated.

     

   • On Android devices, you can access that switch from the Global Settings of your device → Apps & Notifications → your Mobile Authenticator app → Permissions.

     

     Should you still be unable to use the camera to scan the QR code, please enter manually the strings displayed below the QR code instead.

2. The Codes generated by my Mobile Authenticator app are not accepted for the Activation.

   Please make sure that the entire operation of entering the codes in the activation screen does not exceed the code validity time window (30 seconds). Also, you should not use a code which is already about to expire but wait for a fresh one. If the code is nevertheless rejected, please check that your device internal clock is correct and automatically synced with the current time, as follows:

   • On iOS devices, you can enable this function from the Global Settings > General > Date & Time. Please make sure the switch "Set Automatically" is active and that the correct Time Zone is selected.

     

   • On Android devices you can enable this function from the Global Settings > System > Advanced > Date & Time. Please make sure the switch "Automatic Date & Time" is active and that the correct Time Zone is selected.

     

     Note: Only on the Google Authenticator app for Android, you would need as well to use the function "Sync Now", present within the app Settings → Time Correction for codes.

      

     

3. I activated a new Mobile Authenticator app for my user and now the codes generated by the old one are rejected.

   This is expected and by design. It is not possible to have multiple Mobile Authenticator apps generating valid codes at the same time for a given user. Only the last Mobile Authenticator app that you have activated will generate valid codes.

4. I had to reinstall my Mobile Authenticator app but I lost the entry I previously created.

   • If you previously enabled the Backup/Sync option (see point 2 in Best Practices) you can now restore the app configuration from the cloud. In the app main Settings or under the sub-category "Backup" or "Sync" you should find the Restore function.

   • If the Backup/Sync option was not active, you would need to manually re-create the entry for your username by scanning again the QR code from your Portal.

   • If the Mobile Authenticator was your only active 2FA method and you can not log in to your Portal, please contact our Client Services on the phone in order to obtain a temporary access.

 

Additional Resources

Learn About Two Factor Authentication for iPhone at IBKR Campus

Learn About Two Factor Authentication for Android at IBKR Campus

Visit the Mobile Trading Website