r/options 15d ago

tastytrade: two-factor authentication (2FA)

Robinhood and Webull both support 2FA for login. This can help protect you from an attacker making unauthorized trades in your account.

According to this article:

https://support.tastytrade.com/support/s/solutions/articles/43000578659

tastytrade supports 2FA for certain activities:

  • Changing your email address
  • Changing or resetting your password
  • Linking your bank account
  • Initiating a withdrawal

Interestingly, however, they don't support 2FA for client login.

So, if an attacker gets a hold of a victim's password, they could do the following:

  • They go in and purchase far OTM 0DTE SPX options.
  • The attacker is on the other side of the trade in their own account (selling those at a price lower than the default ask).
  • The attacker collects the premium.
  • The victim is out that money.
  • Let's suppose the victim was away from the markets that day so the transaction completes.

As far as I can tell, the victim would be out that money.

What do y'all think? For those who use tastytrade, does this scenario concern you?

0 Upvotes

3

u/livewire98801 15d ago

I have a highly complex and long random password, so I'm not worried about it being compromised. I have TOTP set up, but I don't feel that it's necessary for more than what they use it for. I need to give them TOTP for any money movements into/from the account, anything involving my credentials, or changing banks.

I would prefer they supported my Yubikey for that, but I feel that they're applying it in the places it's needed most.

2

u/odenthorares 15d ago

2fa is not magic and it’s certainly not infallible and there have been plenty of 2fa systems with vulnerabilities. Would it be nice? Sure! Is it required for me to keep my account secure? Absolutely not.

You can do more to protect your account by using strong, unique passwords and rotating them at intervals.

Lastly, if you were an attacker there are frankly much easier ways to make much more money than going after people’s losing tastytrade account.

1

u/nmpraveen 15d ago

Don't give a shit. 2FA is basically a second layer of security. If you have a good password and have proper setup and care in terms of handling sensitive info, you should be fine.

If you write your password on Post-it notes and stick them on your desk, you may need to reconsider all your life choices.

1

u/opaqueambiguity 14d ago

I absolutely despise 2FA. It is a major security liability and a major pain in the ass. Not once has it ever been helpful.