There are two ways in which trader IDs can get locked:
- Failing to log into the TT trading system three consecutive times
- Failing to log into the Windows environment a specified number of times
TT Trading System Lockout
After three failed login attempts at the same workstation, Guardian locks the X_TRADER® program on that workstation. Also, if Guardian is set to do so, it sends a notification email to a predefined email address. To use this notification functionality, each workstation must have an email client installed.
Once Guardian locks a machine, no further attempts to log in at the same workstation are allowed until you unlock the account. However, a login with the same trader ID may be attempted at another workstation. The security measure of locking accounts is based on the workstation IP address.
To unlock an X_TRADER workstation:
- Perform an administrator login
and leave Guardian open.
Refer to Performing a Guardian Admin Login.
- On the Admin menu, click Locked out Accounts.
A list of locked accounts displays with the following information: exchange name, member ID, group ID, trader ID, and IP address of the workstation used by the locked trader.
- If necessary, to update the information, click Refresh View.
- Click the number to the left of the locked account you want to unlock.
- Click Unlock Account(s).
The data is removed from the table and the user can immediately attempt to log into the locked workstation.
- Click Publish.
A Guardian prompt box appears, stating “E-mail Alert transaction successfully completed.”
- Click OK, and then close out of Guardian.
Windows Environment Lockout
Windows offers a separate lockout mechanism, which locks usernames that fail a specified number of login attempts. By default, the account lockout feature is disabled. You set the Account Lockout Policy in the Local Security Settings window. You access the Local Security Settings window via Administrative Tools in the Control Panel.
If you want to set the account lockout threshold, to support TT’s lockout functionality, you must use seven (7) or higher as your allowable number of incorrect login attempts.