Why we did this
Robinhood provides three options for two-factor authentication: authenticator apps, SMS (not recommended), and device approvals. By supporting all of these methods in Fey, we give our customers greater flexibility in safeguarding their accounts.
More context on security
Fey is dedicated to promoting responsible usage of its platform by individuals and has taken several measures to ensure the safety of all our customers. These measures include, but are not limited to:
- Not storing user passwords, but instead using access tokens generated by the brokers;
- Encrypting access tokens at all times;
- Setting expiration dates for access tokens as determined by the brokers and refreshing them automatically, so that even if a token is stolen, it will expire by itself;
- Revoking access tokens immediately upon a change in the user's broker password;
- Rate limiting on all broker calls to avoid being flagged as bot trading;
- Rate limiting on trade calls, so that no two trades can be placed within a certain interval and suspicious transactions are immediately aborted by Fey;
- Utilizing caching and cursors to limit the number of calls;
- Implementing idempotency keys on orders to eliminate a category of network retry issues, such as duplicate orders; and
- Storing audit logs of transactions, allowing for traceability and accountability.
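
How the trade-interval limit, idempotency keys and audit log from the list above can fit together, as an added sketch that is not Fey's code: the idempotency check runs before the interval check, so a network retry of an order returns the stored result instead of being aborted as a second trade or sent twice. The `OrderGateway` class, its method names, the 5-second interval and the sample order are assumptions made for illustration.

```python
import hashlib
import json

class OrderGateway:
    """Hypothetical order front end: idempotency check first, then trade interval."""
    def __init__(self, min_interval_s, clock):
        self.min_interval_s = min_interval_s
        self.clock = clock        # injectable clock keeps the example deterministic
        self.seen = {}            # (user, idempotency key) -> (order digest, result)
        self.last_trade = {}      # user -> time of the last accepted trade
        self.audit = []           # append-only record of every decision
        self.sent = 0             # orders actually forwarded to the broker

    def _log(self, user, key, decision):
        self.audit.append((self.clock(), user, key, decision))
        return decision

    def place(self, user, key, order):
        digest = hashlib.sha256(json.dumps(order, sort_keys=True).encode()).hexdigest()
        prior = self.seen.get((user, key))
        if prior:
            if prior[0] != digest:   # same key, different order: not a retry
                return self._log(user, key, "rejected:key-reused-with-different-order")
            self._log(user, key, "replayed")
            return prior[1]          # retry: return stored result, send nothing
        now = self.clock()
        last = self.last_trade.get(user)
        if last is not None and now - last < self.min_interval_s:
            return self._log(user, key, "aborted:too-soon")   # never sent, not stored
        self.last_trade[user] = now
        self.sent += 1               # stand-in for the real broker call
        result = f"accepted:{self.sent}"
        self.seen[(user, key)] = (digest, result)
        return self._log(user, key, result)

def demo():
    t = [0.0]
    gw = OrderGateway(min_interval_s=5, clock=lambda: t[0])
    buy = {"symbol": "ABC", "side": "buy", "qty": 1}   # constructed sample order
    r1 = gw.place("u1", "k-1", buy)
    t[0] = 1.0
    r2 = gw.place("u1", "k-1", buy)                    # network retry of the same order
    r3 = gw.place("u1", "k-1", {**buy, "qty": 100})    # key reused with a changed order
    r4 = gw.place("u1", "k-2", buy)                    # new order inside the interval
    t[0] = 6.0
    r5 = gw.place("u1", "k-2", buy)                    # same order once the interval passed
    return [r1, r2, r3, r4, r5], gw.sent, len(gw.audit)

if __name__ == "__main__": print(demo())
```

Reversing the two checks would abort legitimate retries as rate-limit violations, which is the failure mode the ordering avoids.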