Identity theft has been a frequently recurring news item in recent years, impacting millions of customers of Target, Yahoo, LinkedIn, Dropbox, Equifax, and many others. Online brokers have not been immune from such incidents. In 2015, Scottrade announced that its nearly five million-member database had been hacked. TD Ameritrade reported a similar incident over a decade ago, back in 2007. (TD Ameritrade acquired Scottrade in 2017.)

And now, a recemt article in Wired magazine claims that “most of the platforms that millions of market participants rely on to move their money suffer from cybersecurity shortcomings.” The article cites the work of IOActive security consultant Alejandro Hernández, who “found that nearly all of the 40 major online trading platforms he investigated had at least some form of vulnerability.”

While there’s nothing you can do to prevent a company you do business with from being hacked, there are some steps you can take to protect your account. One such step is to use two-factor authentication (2FA) at your broker. This process provides another layer of protection, sending you a verification code when you log in or take some other action. Here’s how each of our five recommended brokers use two-factor authentication and what, if anything, you need to do to activate this security tool.

Fidelity offers two forms of two-factor authentication. The first is automatically used with all customers “when you perform highly sensitive transactions such as setting up new bank instructions or changing your contact information,” or if someone is trying to access your account using a device it doesn’t recognize or an Internet browser you haven’t used before. The second form of 2FA is optional. You can choose to download an app that will generate a new code for you to use in addition to your user name and password every time you log in.

For an overview of Fidelity's security procedures and tools, click here.

Schwab requires that you call to enroll in two-factor authentication (800-435-4000), which is then used when logging into your account. For an overview of Schwab’s approach to security, click here.

E-Trade requires that you download a free app in order to use two-factor authentication when logging into your account. For an overview of the company’s security procedures and offerings, click here.

Vanguard requires that you sign up for its two-factor authentication service, giving you your choice of using it every time you log into your account or only when Vanguard doesn’t recognize your device. Learn more here.

TD Ameritrade offers two types of two-factor authentication. Once you’re logged in to your account, click on “my profile” at the top of the screen and then “personal information.” Under “User ID security,” click the “edit” button for “two-step security method.” There you will be able to choose to receive either a security code or a security question if the company doesn’t recognize the device being used to access your account.

For an overview of TD Ameritrade’s security procedures and tools, click here

Asset protection guarantees

Importantly, all five of the brokers mentioned above say they will reimburse customers for any losses due to unauthorized account activity. But be sure to read their fine print. Each one lays out your responsibilities and steps it expects you to take to keep your account safe. Here are each company’s rules and regs:



E-Trade (see the footnote at this link).


TD Ameritrade

Two other very important steps you should take to protect the assets at your broker: 1. Always use unique passwords for each site (read Protecting Your Financial Assets by Stepping Up Your Cybersecurity), and 2. Don’t ever use a public wi-fi system when logging into your broker’s site.