+852 3162 6888
+852 2544 8439

A one-time 2FA login

2FA as an extra layer of security can help to prevent hacking. As such, the Securities and Futures Commission has made it a requirement for intermediaries, including brokers and banks, to implement 2FA when clients log-in to their online investment accounts. The regulator will not mandate any particular 2FA solution and intermediaries can choose to use any 2FA solution they deem appropriate. 2FA is only required once at the time of login, and there is no need for further authentication for each and every online order placement. By doing so, there will be no compromise to security or efficiency in online trading.

2FA alone cannot eliminate hacks

2FA can offer additional protection for online securities transactions but it cannot fully eradicate hacks. In fact, through various social engineering tactics, hackers are able to trick people into providing their login IDs and passwords, as well as the information required for the second authentication, such as stealing your mobile phone and security token.

It is important to maintain good online habits even if 2FA is in place. You are advised not to root or jail break your mobile devices, download apps from unauthorised sources and use public Wi-Fi and public computers to access your online account. Pay attention to your online investment account transactions at all times and keep your mobile phone and security token safely.

iToken

  1. Download iToken at Apple/Google Store.

  2. Set a password for first login or use touch ID to login.


  3. Click the “+” button to add account by entering the registration key manually or by scanning the QR code.


  4. After adding the account(s), the OTP will keep generating every 30s. With words in red in the last 10s.
  5. Click to copy the OTP, or the trading webs will link to the token apps at the 2nd level login.
Trading APPS Login
  1. Login the trading apps by entering the username and 1st level password, or by
    fingerprint.


  2. After the 1st level of login, there will be 2nd level login and the iToken apps will be auto opened for copying the OTP.


  3. Click to copy the OTP and paste to the 2nd level login of the trading apps.


  4. Trading Apps login is successful. Confirm the disclaimer and it will be directed to the trading page.
Web Trading Login
  1. Login the web trading by entering the username and 1st level password


  2. After the 1st level of login, there will be 2nd level login.


  3. Enter the OTP generated from the iToken Apps.


  4. Login is successful. Confirm the disclaimer and it will be directed to the trading page.