Authentication

Authentication is necessary in four situations.

  1. login
  2. telephone call-in
  3. in person
  4. signature

Authentication methods

  • email address
  • phone number - Sim card, land line, VOIP numbers not always allowed
  • push notification to an app - a feature available on most phones
  • phone app

Factor Categories

Categories of authentication factors:

  • Knowledge Factors - things you know:
    • username
    • ID
    • password
    • PIN
    • challenge question and response
    • OTP - one-time passcode
  • Possession Factors - things you have:
    • OTP token, hardware or software that generates an OTP
    • key fobs
    • smartphones with OTP apps
    • employee ID cards
    • sim cards
  • Inherence Factors - things you are, biometrics:
    • fingerprint scans
    • facial recognition
    • voice recognition
    • retina scans
    • iris scans
    • hand geometry
    • earlobe geometry
  • Time
  • Location

Single Factor Authentication (SFA) - use factors from only one category
Two Factor Authentication (2FA) - use at least one factor from each of two categories
Three Factor Authentication (3FA) - use at least one factor from each of three categories
Multi Factor Authentication (MFA)

Strength and weakness

Username/password is SFA because it uses only one category: knowledge factors. SFA = weak.

Email address is a knowledge factor.
If you receive an OTP via email, this can imply possession of a secured device and access method to receive the OTP.

Phone number is a knowledge factor.
Sim card is a possession factor.
Land line is a possession factor but is weak because it might be shared.
VOIP number associated with a device is a possession factor, but is weak because it might be accessed from multiple devices, i.e. computer and phone.

Phone app makes possible:

  • push notification - available on most modern phones
  • PIN
  • code generation

Vulnerabilities

  • SIM swapping
  • email interception

Strengths

  • independence from networks, like email and sim

Authenticator Apps

Google Authenticator - app available at Google Play Store
ID.me Authenticator app
IBKR Authenticator app
SDFCU mobile app, push notification

How critical vendors authenticate:

ID.me (SSA, IRS) - text message to phone/SIM, Authenticator
SDFCU - push notification to SDFCU mobile app, plus text message to phone/SIM
IBKR - push notification to IBKR App, plus PIN entered into App

ID.me
text message to phone/sim
push notification to ID.me Authenticator App
Code Generator via ID.me Authenticator App

SDFCU
text message to phone/sim
voice message to phone/sim
WhatsApp
From Call Center
push notification to SDFCU mobile app

IBKR
push notification to IBKR App

Risk and recovery

Email
Email server company fails.

Sim card
get a new sim card
roaming fails
out of cellular coverage

Phone
new phone
lost, stolen, damaged phone

Recovery
get a new phone, install apps from play store
get a new sim card
use alternate email address

Be prepared.
Have multiple authentication methods in place.
Alternate email address.

In each app, how do we reset authentication for new phone, new sim, new email?

July 2025

If authentication is based on a SIM, and the user travels, the SIM card must do roaming.
AIS sim card does roaming by default.
The user can also buy a roaming package through the MyAIS app, before or during travel.

The IB authentication works via push notification on my phone.
So as long as my phone is on the internet, the authentication will work.
It does not need to be the same SIM card. It could be Wi-Fi.
This could be tested here by removing the SIM card.

The credit union authentication uses an email code. That does not depend on the SIM card but does require an internet connection.

How could I lose access to my email address?

What are my goals? Well, ideally, to be prepared for the future, I want to be able to travel anywhere, including America or South America and Europe and Asia.

So I need to figure out if my current systems support that or if I need to add or maintain some systems.

for id.me
now only one authentication method - sim card

Text Message or Phone Call - fair
we could add a text message sent to 847 number

Push Notification - moderate
Approve sign-ins via Push Notifications sent to the ID.me Authenticator mobile app. <setup>

Code Generator - Strong
Generate verification codes via code generator apps like ID.me Authenticator to sign in. <setup>

id.me authenticator app available on play store

authenticate with ibkr
Will my phone work in the USA (roaming)?
Will push notifications work on the app while roaming in the USA?
Push notifications are based on HTTP, correct?

Signature

How to sign digitally

There are systems available to digitally certify a valid signature, used on contracts.

There are supposedly several software products that can be used to add a signature to a PDF.

  • Adobe Acrobat - Fill and sign
  • Libre Office Draw

Adobe Acrobat

  • Desktop Windows or Mac but not Linux
  • Online at adobe.com - Fill and Sign requires monthly subscription
  • Android Fill and Sign is free

Medallion Signature Guarantee

Per Wikipedia:
In the United States, a medallion signature guarantee is a special signature guarantee used primarily when a client transfers or sells US securities. It is an assurance by the financial institution granting the guarantee that the signature on the transaction is genuine and that the guarantor accepts liability for any forgery.

When United States citizens are outside the United States, they are typically unable to obtain a medallion signature guarantee stamp.

Per Grok: Where to Get One: Available from institutions participating in one of three Medallion programs:

  • STAMP (Securities Transfer Agents Medallion Program): Over 7,000 U.S. and Canadian banks, credit unions, and brokers.
  • SEMP (Stock Exchange Medallion Program): Regional stock exchange firms and clearing companies.
  • MSP (New York Stock Exchange Medallion Signature Program): NYSE member firms.
  • Typically, you must be an existing customer (often for at least 6 months) at a participating bank, credit union, or brokerage, like Bank of America or Visions Federal Credit Union.

Requirements:

  • Valid government-issued photo ID.
  • Documents related to the securities (e.g., stock certificate or account statement).
  • Additional documentation for special cases (e.g., Power of Attorney or estate transfers).
  • All signers must be present in person.

Process: Contact your financial institution, schedule an appointment, and bring required documents. The stamp, often with a unique barcode and green security ink, can be issued same-day if all requirements are met, or it may take 2–5 days.

Limitations:

  • Not available from non-participating institutions or notaries public.
  • Overseas investors may face challenges; some U.S./Canadian bank branches abroad or firms like Fraser and Fraser in the UK can help.
  • Stamps have value limits (e.g., a “D” prefix stamp covers up to $250,000; a “C” prefix up to 500,000).
authentication.txt · Last modified: 2025/11/30 00:32 by jhagstrand
