Mandatory TOTP for illiquid risky contracts

June 9, 2020

There has been a sudden increase in online phishing frauds in India post the lockdown. Check this post to know more about the phishing scam you could fall prey to when investing in the markets.

The phishing scam

Fraudsters set up phishing (fake) websites that mimic the look and feel of the login pages of the trading platforms offered by large stock brokers. Links to these websites are then sent out to unsuspecting investors via SMS messages, e-mails, and social media, using contact data stolen from various sources.

Unsuspecting investors click on these links, which lead to fake websites that mimic the login pages of the trading platforms they are used to, and enter their login credentials (username, password, PIN, and other bits of information). The fraudsters capture these credentials and use them to log in to the investor’s trading account and execute buy/sell transactions on illiquid scammy penny stocks or illiquid options contracts, generating a loss in the compromised account and a profit in their own (as counterparty to the scam orders). There are also many cases where scammy penny stocks are bought in customer accounts at a high price; these shares cannot then be sold on the market as there would be no buyers.

As a temporary fix, we had blocked trading by default in all illiquid risky contracts — stocks and options, and allowed trading in them only on specific instruction from the customer through the registered email address. We now have a permanent solution to this.

Mandatory TOTP when trading illiquid risky contracts

As a solution, we could potentially have made it mandatory for all our users to use a mobile or email OTP to log in to Kite. But there is no guarantee that these OTPs are delivered on time. Since we’re in the business of trading, where time is critical, we couldn’t take this chance, and so decided to use TOTP (explained below). Instead of asking for a mobile or email OTP on every login, we have made it mandatory to log in using a TOTP if you want to trade in any risky scrips. We classify a scrip as “risky” if it is illiquid and can be used by fraudsters to create artificial losses in your account.

If you haven’t logged into Kite using TOTP and are trying to trade in these illiquid risky scrips, such orders will be rejected and the rejection message will ask you to set up TOTP to place the order. Setting up TOTP is a one-time task that adds security to your account. After that, you simply need to log in using this TOTP every day and you will be allowed to place trades.

What is TOTP?

TOTP stands for “time-based one-time password”. Unlike a traditional OTP that is delivered to you via email or SMS, a TOTP is generated by a TOTP app that is already on your phone. This TOTP is valid only for a short duration (usually 30 seconds) and is regenerated every 30 seconds. Read below to learn how to set up TOTP to login on Kite.
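The following Python sketch is an added example, not Zerodha's code: it implements the standard RFC 6238 algorithm that authenticator apps use, a server-side check, and the order gate described earlier, to show why a code is only useful inside its 30-second window. The +/- one-window drift allowance, the single-use rule, and the names `TotpVerifier`, `may_place_order` and `scenarios` are assumptions; the secret is the published RFC 6238 test key and the timeline is constructed.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as stated in the post
DIGITS = 6   # code length, as stated in the post
RFC_TEST_SECRET = b"12345678901234567890"  # published RFC 6238 test key, not a real secret


def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing unix_time."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpVerifier:
    """Server-side check: small drift allowance, each window usable once."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps  # assumption: tolerate +/- one window
        self.last_counter = -1          # newest window already consumed

    def verify(self, code: str, server_time: float) -> bool:
        now = int(server_time) // STEP
        for counter in range(now - self.drift_steps, now + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue  # already used (or older): a replayed code is refused
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False


def may_place_order(session_used_totp: bool, scrip_is_risky: bool) -> bool:
    """Order gate described in the post: risky scrips need a TOTP login."""
    return session_used_totp or not scrip_is_risky


def scenarios() -> dict:
    """Constructed timeline: the phone shows a code at t=40s (window 1)."""
    code = totp(RFC_TEST_SECRET, 40)
    server = TotpVerifier(RFC_TEST_SECRET)
    return {
        "code": code,
        # Owner types the code ten seconds later, in the same window.
        "owner_login": server.verify(code, 50),
        # The same code submitted a second time in that window: refused.
        "replay_same_window": server.verify(code, 55),
        # The same code tried two minutes later against a fresh verifier.
        "old_code_later": TotpVerifier(RFC_TEST_SECRET).verify(code, 150),
        # Phone clock 20 seconds slow: still inside the drift allowance.
        "phone_20s_slow": TotpVerifier(RFC_TEST_SECRET).verify(
            totp(RFC_TEST_SECRET, 45), 65),
        # Phone clock three minutes slow: the code shown is rejected.
        "phone_3min_slow": TotpVerifier(RFC_TEST_SECRET).verify(
            totp(RFC_TEST_SECRET, 70), 250),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
    print("PIN login, risky scrip:", may_place_order(False, True))
    print("TOTP login, risky scrip:", may_place_order(True, True))
```

The `phone_3min_slow` case is the "correct TOTP shows as incorrect" situation raised in the comments below: the code is valid for the phone's clock but belongs to a window the server no longer accepts.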

How to set up TOTP?

Important: You will need to login on Kite web to set up TOTP. Once you set it up, you can login using this TOTP on web as well as mobile.

You can use apps like Google® Authenticator, Microsoft® Authenticator, or Authy on your mobile phone to generate 6-digit TOTPs for every login. The procedure to set it up is as follows:

  1. Log into Kite, and click on your client ID on the top right-hand corner of the page and select ‘My Profile’ from the drop-down.
  2. Click on ‘Password & Security’
  3. Once you do, click on ‘Enable 2-step TOTP’
  4. Enter the OTP received on your registered email ID.
  5. Install Google® Authenticator (or Microsoft® Authenticator or Authy) on your phone. You can find this on the Play Store or iOS App Store.
  6. Select ‘Scan a barcode’ under the add account option and click on ‘Begin’.
  7. Allow access to your phone camera, and scan the bar code shown on the profile page on Kite. Once you scan it, the account will be added on your authenticator app. Enter the OTP shown on the app on Kite along with your password and click on ‘Enable’.
  8. Once you click on ‘Enable’ you’ll get a notification confirming the TOTP set up.
  9. You will have to enter the TOTP shown on your authenticator app instead of PIN from the next login onward.

What if you lose your phone or TOTP app?

If you lose your phone or are unable to access your TOTP app for any reason but need to log into your account, click on the “Forgot password” or “Forgot 2FA” link on the password or TOTP entry page and reset your account by following the steps explained here. This will remove TOTP authentication for your account and you will need to set it up again to trade risky illiquid scrips.

Team Zerodha

India's largest retail brokerage

221 comments

  1. Gangadhar Barik says:

    I can’t find any client ID on the top right hand corner of the page and now to select my profile from drop down. Please help

  2. Pravin More says:

    One step forward for safety

  3. NARAYAN says:

    THANKS ZERODHA & TEAM TO CARE OF YOUR CLIENTS.
    MY TRUST ON ZERODHA BECOME VERY STRONG BY READING SUCH TYPE OF YOUR CARE.

  4. Dp says:

    Done 👍 very easy get daily New code .. great work by Zerodha

  5. Donesh says:

    Hi,
    I have setup the TOTP but I am not able to place the illiquid trades.

    Thanks
    Dinesh

    • Matti says:

      You have to log out and login with TOTP to place trades.

      • Srikant says:

        I logged out and logged in using TOTP.
        I still can’t execute an option outside your “enforced limit” (which is 9850 TO 10400 CE & PE for 11 Jun 2020 expiry).
        The error says the same “Strike price is outside the allowed range. Try a strike closer to the spot price.”.

        By the way, the 11000CE has ample liquidity (many brokers allow it without causing trouble to clients).

        • Matti says:

          Ah, this restriction isn’t due to liquidity, but due to exchange OI limits. There is a way around this though. Please fill this form and we’ll have someone contact you to help.

          • Srikant says:

            Thanks.
            I filled the form and requested a time slot in the next 30 mins (hope someone responds).

            By the way, I can place the same weekly 11000CE with the other broker, there isn’t any trouble by exchange OI limits for them!

            Why Zerodha do this?
            I hate to use the crappy interface of other brokers, but nevertheless they do one basic thing right, they provide the client the freedom to exercise any exchange-listed script.

            For instance, tomorrow’s weekly expiry only 550 point bandwidth is allowed with Zerodha (9840-10400) on Nifty, do you want us to design our strategies based on your daily changing ranges?

            Stopping phishing attacks by disabling the scripts altogether! This doesn’t even sound logical, and enforcing on the client who pays you, not a fair deal, not according to me!

          • Srikant says:

            There wasn’t any call from your side. Nor any acknowledgment.

          • Dumb says:

            Are you all seriously filling a random form and providing your client ID and phone number? That’s so effin irresponsible. And then people crib when they get scammed…

            • Matti says:

              The form is from us! I am a Zerodha rep and have been responding on this forum for a while now! While I get your point, wouldn’t it make sense for you to first look up what is happening BEFORE posting?

        • Karan says:

          I’ve complained about it in the past. They haven’t responded

        • VIKS says:

          why , you doing this zerodha team , let your customer decide , now how i average my loss contracts …..not able to place order , after authenticate , lots of times , zerodha is really shit , really need to change this piece of dirt

  6. Raj says:

    I call it as foolishness. A shop has A to Z items. The seller says, X,Y and Z are not for sale.
    Trading in markets is risky, but, customer is here to take risk.
    Zerodha is trying to enact the role of Angel trying to save everyone.
    The broker’s job is facilitating a product buy or sell. Not to decide on what to buy or sell on client’s behalf.

    Slowly, favouritism on specific stocks will start from Zerodha.
    Time to change the broker. I will request for DIS.
    I hope SEBI will enter and inform brokers of WHAT THEIR JOB IS?

    BTW: How will you stop small IPO subscriptions from client?

    • Naveen Verma says:

      Exactly it is risk taken by market traders itself and brokers must stop interference between us. As such we are trading with cash and not on credit in such illiquid stocks.

      • Matti says:

        Risk management is also a broker’s job. While we do facilitate trades, we also need to look at the risk such trades bring to the table. We have not decided what you should buy or sell, by the way. Just that you need additional security set up on the account to trade some scrips!

        • Amresh says:

          How will it manage any Risk …do you think any buyer will not buy because of extra password?….it would be good if you place a disclaimer while placing order …but this extra password is complicating stuff …..we already have so many passwords….already

          • Roshan Alex Mathews says:

            Sir, what Matti is saying is not to decide or make it a hurdle to buy or sell a stock, the purpose of this extra layer of security is to prevent fraud from occurring due to credential theft, barely anyone if any buy such extremely illiquid stocks so in essence it will not affect any or even all transactions, the added layer of security will make for a small if any delay and prevent a lot of people from falling victim to fraud

            • Rex says:

              If any scammer broke the password and his wish to make loss only by investing in Penny Stock then do u think scammer will not make loss by creating FO position / buying Lower circuit stock ? What the explanation you are giving man.

              This is the job of SEBI not yours. Tell me anyone Broker who is restricting client to buy penny stock.

            • Amresh says:

              Sorry to say but your arguments are really not convincing anyone…….I really appreciate the Zerodha platform …. but this feature really overhead…..we already have two-level passwords over that CDSL pin and now this…… 🙁 … even banks don’t have these many layers to transact…… The world is moving towards tap and pay …… If you provide a convincing use case I would gladly adopt it ….

        • Vinayak says:

          I dont agree, If you have MFA (TOTP) why do you want a PIN also for logging in. You are complicating login process.

          • Digen says:

            The TOTP replaces the PIN. The problem with the PIN is that it is fixed, like a password. You may only change it once in a while, every 3 or 6 months etc.

            If a scammer gets hold of your ID, password and PIN, he can use them to log in and place trades in your account. If he were to get your TOTP in the above manner, it would make no difference since it changes every 30 seconds and he would not be able to log in with your old TOTP. This makes your account far more secure.

          • Najath says:

            Sir,
            They told you can take, but the broker wanted to know about any unscrupulous hand. If any penny stock shackled around your neck, you cant get rid of this genie as there wont be any takers. Otherwise you have to copy of same scammers crooked trick. So the broker wanted to know the de facto client himself or herself is jumping to this death knell. After confirmation, you are at free.

        • MURLI says:

          If somebody has bought a penny stock on your website then you can’t suddenly stop him from putting sell order because of some sms tips etc. How is he going to liquidate and get out if you block his sell order? Those who have already purchased should be allowed to sell without totp.

    • Matti says:

      Risk management is also a broker’s job. While we do facilitate trades, we also need to look at the risk such trades bring to the table. We have not decided what you should buy or sell, by the way. Just that you need additional security set up on the account to trade some scrips!

      • sam says:

        if you guys are not deciding what to buy or sell then why are u putting these kind of barrier… in market time is most important. bdw am using my money my effort why are you acting like a warden,
        better you do your job.

        • Matti says:

          Risk management is our job! Also, there is no lost time with this. Just set up TOTP once, and use it to login. After logging in, you can trade whatever you want without any interruptions.

          • Ranjeet says:

            If a scammer gets into client account , He/She can make transaction to any other script “which you have not declared illiquid by your wisdom”.

            And you think people will not lose money there.

            Wow!!!

          • Manoj Kumar says:

            Mr. Mathi,

            What if there is an issue where I cannot login using TOTP and you get only 5 attempts. I have got this issue today and my day has been lost, so who is going to give back the time that I had lost and the trade that I would have done today.
            Even now I am trying to login, it is not letting me login and there is an error popping up even though I enter the correct TOTP

            Can any one from zerodha or some expert give me a solution for this

            • Matti says:

              Hey Manoj,

              1. You can click on “forgot password” and reset your account to remove TOTP and login.
              2. The only scenario where you enter the TOTP correctly and it shows incorrect is if the clock on your phone is not correct.

      • S GUNASEKARAN says:

        It is a laudable initiative and it may be introspected if need arises.

    • pazhani says:

      zerodha make zero of the penny stock by the time of totp authentication . very disappointed for Totp… all broker are very clear to people have to lost ,.. i hate totp authenticate … please remove

    • yash says:

      this is the most shitiest thing to do as not able to perform trades, seriously its time to change the broker.

    • Sanmati B patil says:

      Yes on Tuesday I tried to place Reliance 22000CE jul buy order, n prm price was 0.05.. but when placing order shown some error msg n couldn’t place order.. n on Wednesday the prm price made high of 7+ n folded around 5-6 rupees.. now because of zerodha I couldn’t earn

  7. Naveen Verma says:

    It is very time consuming and difficult for a person trading through mobile kite app.
    1)Whether sell* order of holdings of such illiquid stocks too require such huge TOTP process to be followed or just for buying order.
    2) whether modifications of order placed also requires again TOTP process to be followed?

    • Matti says:

      Naveen, you only need to have logged in using TOTP. You don’t need to enter TOTP every time you place an order.

      • Gowrishankar says:

        Mr. Matti,

        I think it is necessary to protect the interest of traders and investors from phishing frauds. There are many gullible clients who become a victim to such scams. A step in the right direction by Zerodha, all who resist the motive and reason behind this move are either ignorant or are part of the scam (investigate them… lol, just kidding)

        However, I have a question as I do not know how this works. Would we be required to scan the QR code from Kite Web in order to get the 6 digit TOTP every time we need to login to sell the illiquid shares?

        • Matti says:

          No, you only have to do the scan but once. After that you will just need to use the TOTP from your authenticator app to login every day. Again, this is not for every order, just at the time of login.

  8. Preetam says:

    I think zerodha is already asking for mail confirmation & showing ‘Nudge’ warning before trading such illiquid stocks. So, now its upto investor whether to invest in it or not. Why is broker deciding stocks valuation & physically restricting client’s decisions? Rather don’t display such contracts on zerodha platform. I would suggest giving warning is well enough to clever clients in terms of illiquid stocks. On restricting phishing scams, then make TOTP mandatory for all contract, phishing attack can trouble anything.

    • Matti says:

      Risk management is also a broker’s job. While we do facilitate trades, we also need to look at the risk such trades bring to the table. We have not decided what you should buy or sell, by the way. Just that you need additional security set up on the account to trade some scrips!

      • Ranjeet says:

        If a scammer gets into client account , He/She can make transaction to any other script “which you have not declared illiquid by your wisdom”.

        And you think people will not lose money there.

        Wow!!!

  9. Rahul Deshmukh says:

    You are broker not a caretaker.
    Do your job only.
    You blocked script like elcidin
    Think about it
    You cannot predict market.

    • Matti says:

      Risk management is also a broker’s job. While we do facilitate trades, we also need to look at the risk such trades bring to the table. We have not decided what you should buy or sell, by the way. Just that you need additional security set up on the account to trade some scrips!

      • Preetam says:

        This is getting too complicated & irritating. If I don’t feel that user friendly while trading then will change the broker & I’ll transfer my portfolio.
        Thanks.

        • Matti says:

          This is just a one-time set up process, Preetam. After that, you just need to login using TOTP, every day and trade normally.

  10. manoj says:

    The broker’s job is facilitating a product buy or sell. Not to decide on what to buy or sell on client’s behalf.

    • Matti says:

      Risk management is also a broker’s job. While we do facilitate trades, we also need to look at the risk such trades bring to the table. We have not decided what you should buy or sell, by the way. Just that you need additional security set up on the account to trade some scrips!

      • Sravan says:

        why you are copy-pasting same thing everywhere?

        • Matti says:

          Because the response is the same every time people bring this up. 🙂 A broker is not only someone who facilitates trades, but also has a responsibility to manage risk.

          • Ranjeet says:

            If a scammer gets into client account , He/She can make transaction to any other script “which you have not declared illiquid by your wisdom”.

            And you think people will not lose money there.

            Wow!!!

    • Prem_Nath says:

      Now they are acting like Daddy Knows the Best.

  11. Mahesh says:

    make TOTP mandatory for all tradeable stocks, phishing attack can trouble any tradeable stocks. Rather than using third party server for TOTP, ZERODHA should use its server to generate a high security OTP & send it to clients for login. It would be easy to use by clients & authenticate.

    • Matti says:

      Mahesh, as explained in the post above, OTP delivery is not reliable all the time. What if you want to place a trade but the OTP doesn’t reach you? Hence TOTP. And it doesn’t get any more secure than a Google or Microsoft service!

      • RP says:

        What is the procedure for old Zerodha customers to revoke POA and shift to the TPIN OTP system that has been started by CDSL?

  12. AC Naik says:

    Hello Team,
    I am a little upset and annoyed, I have already set up TOTP on my account but still I was not able to trade on the illiquid script.

    Also, I have already taken the approval on Hathway Bhawani, but today my GTT order failed because TOTP was not completed. However I have completed TOTP already on my account.
    Can you please check asap and let me know what is exact issue?

    • Matti says:

      If you had already emailed [email protected] to trade these scrips, you have time till Monday to set up TOTP. Until then your order would not be rejected for this reason. Looks like there’s something else that’s off. Please contact our support desk.

      • Rex says:

        “Since we’re in the business of trading where time is critical” You have written this line on top of this page & you are suggesting your clients to contact to support where he will receive an answer or solution after 2 days… wow

  13. Chandra says:

    I clicked the Enable 2Factor TOTP many times and it always says server not working or error. I am using PC. Not mobile. Kindly sort this issue. My network is OK I am able to trade and open other sites also.
    regards
    Chandra

  14. Chandra says:

    Dear Team,

    I am not very well educated. Someone helping me to send this mails also.
    These rules are really giving lot of troubles. Why this lengthy process? One mail is enough. We know trading is risk. and aware about market disclaimers. We want user friendly trading system…..

    I am also thinking to open new ac in other platform

    Kindly make it user friendly.
    Thanks in advance.
    Regards
    Chandra

    • Matti says:

      The email way of allowing trading is slow and not scalable. If there are a lot of requests in a single day, you’d have to wait longer. Now, you just need to set up TOTP once and enter the OTP only when you are logging in. After that, you can trade without any additional steps.

      Also, TOTP may soon be made mandatory by the regulator for all accounts, and all brokers will have to implement this.

  15. Chandra says:

    Dear Team,
    One more suggestion from me. Instead of this lengthy TOTP process, why don’t you incorporate one more button like Nudge Tool in buying/selling panel? Whenever we want to buy/sell that button warns like “I am 100% agree with taking risk and I am ignoring Zerodha warnings” anything some warning like that.

    Many investors are not well educated. They simply like to trade if it is a user friendly platform

    Regards
    -Chandra

    • Matti says:

      If a scammer has access to your account, he will 100% click on that button and proceed with the trade. This TOTP ensures only you can do it because TOTP is bound to your phone. Check the link in the post above that explains the phishing scam. 🙂

  16. Dilip Shaw says:

    Good work. Another idea is to pop up a small window just before a buy order, giving warning to the client that he/she is buying an illiquid stock that can be dangerous. And if they are buying on a SMS/WhatsApp/Telegram/Email tip – beware it can be fraud and there can be losses. This will desist 50% of the buyers of illiquid stocks/options.

  17. Dilip Shaw says:

    Agreed scammers will still trade, but 100% trades are not scammers.

  18. Akshat Solanki says:

    If you could provide the names of illiquid, pump & dump Stocks, that’d have also helped traders.

  19. Swatantra Kumar says:

    This is really bad, by this means broker wants to complicate things such that we can not buy or sell penny stocks.
    Its upto us and not on broker to decide, time to change.

    • Matti says:

      You just have to set up TOTP once to be able to trade anything you want. It isn’t that complicated. We’ve explained the same thing in the post above.

  20. Amresh says:

    Unnecessary process …..you may show or notify the buyer that it’s illiquid just like in sensibul ……..too many processes will kill the platform….not needed….Also ….if the company is bad then it should not be listed at first place ….Broker role should make the platform user-friendly which is indeed wonderful in zerodha…but i think this should be SEBI’s role not Zerodha…so i don’t like this feature at all….

    • Matti says:

      We already do that, Amresh, but if you read the above post, you will see this is to protect users from phishing attacks. This is where someone else gets access to your account. In such cases, the warning would be meaningless as the attacker is anyway intending to create a loss in your account.

  21. Akshay says:

    Hi,

    If i enable TOTP will my GTT order be affected? (Both already entered and future GTT)

    If the price hits the stop loss then i dont want to hold on to that because TOTP wasn’t entered.

    Thanks in advance for help!

    • Matti says:

      No, GTT remains unaffected.

      • Akshay says:

        Great, thanks for quick revert.
        Also, one more query, what happens when i am not able to access my phone and change my phone?
        Will the TOTP still active on the authy app to login in a new phone and use it?

        • Matti says:

          If you lose access to your phone, you lose access to your TOTP. In such cases, just click on forgot password and reset your login. TOTP is also removed. Then use your new phone to set up TOTP again if you want to trade illiquid stocks.

  22. jeetesh says:

    broker job is to provide services not to interfere which one is liquid or illiquid stocks…if zerodha you really care for the customers then why dont you suggest customers what to buy and what to sell for intraday/delivery….customers willing to take risk, want to buy the otm contracts, want to buy current expiry month contracts options but you gave the reason blocked due to bla bla bla….if the contract/stock is really illiquid then sebi must delist the stocks…

    • Matti says:

      Risk management is also part of the broker’s job, Jeetesh. Anyway, after this update that we’ve explained in the above post, you can just set up TOTP and trade anything you want.

  23. RAJEEV RANJAN says:

    Moral Policing is Very Dangerous in Financial Market and it’s not a professionalism? we Indian are more interested to indulge in Moral Policing rather than doing by principle.

    • Matti says:

      This isn’t moral policing. This isn’t any kind of policing. We are simply asking our users to have an additional layer of security to trade scrips that we define as risky based on our risk management practices.

    • RAJEEV RANJAN says:

      Being a No-1 Brokerage House might take lots of time But Downgrade will not take long time compare with your competitor. Hope You will understand .

  24. Balram Jat says:

    I truly appreciate with Zerodha new authentication way because in this digital world security is the primary need.
    Not everyone fully familiar(updated) with all the new way of online attacks/scams. So plz support it .
    Its for our benefit only.
    Good work team Zerodha

  25. Monis says:

    Hi,
    This is the first time Zerodha is making major mistake in my opinion. It is the duty of stock exchanges to decide which scrips to allow or not for trading n it is not the responsibility of the broker to make judgement based on only market cap or whatsoever criteria he may have in his mind.

    This can not n will not save everybody. Have you seen rate of Rcom from 800 to 2, rel infre, r cap, cox from 300 to 2. Will this practice save innocent investors from these carnage, which were even not related to this corona fall? On the other hand some scrips too went from below 100 cr mkt cap or even from 10 cr mkt cap to 1000 + cr market cap. Investors will miss these too, thanks to this new safety measure.

    One last example – Unitech – went from sub 50 cr market cap in 2004 to 100000 cr mkt cap n now 400 cr market cap. Is it responsibility of the brokers to decide when to buy certain scrips ?

    This just the illustration – No hurt feelings

    • Matti says:

      Risk management is a broker’s job too. 🙂 In any case, all you need to do is set up TOTP and login using it to trade these contracts. It’s not blocked if you do set up TOTP.

      • Ranjeet says:

        If a scammer gets into client account , He/She can make transaction to any other script “which you have not declared illiquid by your wisdom”.

        And you think people will not lose money there.

        Wow!!!

        • Gb says:

          Dude! Is your iq that of a 7yr old??
          Obvi they can.. So in that case zerodha shud actually make totp compulsory for all logins (at least web based logins cos app based logins have fingerprint or faceid)
          2 step verification, totps are the norm for most secure transactions… Even WhatsApp and gmail recommend 2 step authentication.

          And this is neither moral policing nor zerodha trying to restrict our freedom!

  26. Sanjoy says:

    Can you please warn us while adding a so called ‘illiquid’ (by your definition) stock/counters in the market watchlist. And only on confirmation, users should be able to add that in their watchlist. If you could also have a different colour to mark such counters that would be really useful.

    Thanks in advance.
    Sanjoy

    • Matti says:

      We warn the user while placing orders. Warning while adding to market watch would be tricky. Will look into the possibility.

  27. Srikant says:

    Anyway some relief though.
    But, I don’t see the logic behind, a trader who is willing to trade in illiquid stocks will anyway end up doing so, so what’s the point of additional barrier?
    It would be easy to just give a warning message popup while trading such scripts with an additional checkbox saying “I agree the risk involved”(if at all), that shall do right?

  28. lakshminadharao says:

    sir , i had purchased wheels india ltd with CNC mode, but you allowed me to buy when i tried to sell you did not allow me to sell the stock saying illiquid stocks with banner appearing on the screen with black in colour. here my point is if your banner shows it is illiquid stock not allow to sell on same day or btst , we can not take buy. without knowing it we are buying , not only this there no of stocks are like that. it is convenient if we know that stocks are illiquid we do not buy them. please rectify this problem.

  29. Mohammad Dularay says:

    Its Done,

    Thanks Zerodha for care our safety & security.

  30. ROHIT SHARMA says:

    What is Zerodha definition of illiquid stocks (or penny stocks). Do stocks like Idea, Alok Industries, come under illiquid stocks?

  31. Gs banga says:

    Right said

  32. Raj kumar says:

    Please provide tpin

  33. vishal says:

    Once TOTP is set, is it possible to login with password if a user loses mobile?

    • Matti says:

      You can click on forgot password. This will unlink the authenticator and you can set new password and PIN and login. After logging in, you will need to set up TOTP again to trade these risky contracts.

  34. Karthikeyan Sivakumar says:

    Can you please confirm if there will be fallback options to login when we lose our mobile or Authenticator App is uninstalled? Means using the Passcode rather than TOTP in certain cases?

    • Matti says:

      You can click on forgot password. This will unlink the authenticator and you can set new password and PIN and login. After logging in, you will need to set up TOTP again to trade these risky contracts.

  35. Subhendu says:

    Hi,
    If I lost my phone how I will again do authentication with my new phone?

    Regards,
    Subhendu

  36. Manoj says:

    It is good and length process for some
    Client s who can’t go with all these process , so think about everytime by completing all the process the trade price and entry price we can miss ???????????

  37. Rahul says:

    Does this mean that Zerodha user data has been compromised? How do these scammers get hold of Zerodha users phone, email etc?

    • Matti says:

      No. Our user data is quite secure. However, that doesn’t mean that scammers can’t get access to your email ID or mobile number from other sources. Explained here and here.

  38. Bhargav says:

    Put a like and dislike option under the post so people can vote their decisions. And also put like section in comments so more reasonable comments will be appear on the top. Because everyone not wants to comment so they give their opinion by just like or dislike. (eg. YouTube)

  39. Singh says:

    not found Client ID

  40. Prem_Nath says:

    Don’t act like daddy knows the Best.

  41. Sharat C Sahu says:

    Totally unnecessary and uncalled for procedure.

    It seems you want to micromanage your clients and obviously think they are fools.

    You had no business in blocking your client’s legitimate trades and then you expect him to go through this tedious and unnecessary process.

    Just leave it to your client’s judgement to handle his money.

  42. Atul says:

    Can you give a list of “illiquid risky” stock / contract names?
    What if I don’t have a mobile and wish to trade in “illiquid risky” stock?
    On 8th Jun 2020 morning, at market opening time around 9:18, the order was not getting accepted by Zerodha.
    Error Server Not Ready
    Better you work on the server rather than creating some complex system.

  43. Vivek says:

    I only trade Nifty and Bank Nifty options… will far OTM options of these also be affected?

  44. Shravan says:

    What if I lost my phone or it is not working?
    In this case, what is the alternative to login after I set up TOTP, to close my open trade or take a new position?

    • Matti says:

      Closing an open position has no restrictions. As for losing your phone, you can click on forgot password and reset password and PIN so you can login without TOTP. You will still need to set up TOTP again to trade risky stocks.

  45. ROHIT SHARMA says:

    I have idea shares in bulk. Idea comes under illiquid stock.

  46. SKtyagi says:

    Dear team Zerodha,
    Warning message that pops up is more than enough.
    This TOTP concept is complicated, and not required.

    Also for authentication your earlier 2 step questions were far better n secure than later on PIN one.

    Pls don’t make things complicated, I’m not going to install any extra APP and like to better close my account.
    Thanks for being with you from last 8 years.

    Once again thanks
    Sanjay

    • Ranjeet says:

      Agree!!

      Better to change the broker.

    • Matti says:

      If a scammer has access to your account, then he or she will ignore the warning altogether. The warning is for you, the TOTP requirement is to prevent scammers from committing fraud. The earlier 2FA with random questions was again an insecure method of logging in and was changed because of that very reason!

      • SKtyagi says:

        Dear Matti,
        If a scammer has access to my account??? If he can access my mobile; after all, it’s running various s/w and prone to be compromised.

        With TOTP, what do you want to achieve: secure authentication or prevention of trading in illiquid stocks?

        Thanks

      • Rajeet says:

        If a scammer gets into a client account, he/she can make transactions in any other scrip “which you have not declared illiquid by your wisdom”.

        And you think people will not lose money there.

        Wow!!!

  47. Rajashekhar.A.Hosamani says:

    If phishing has occurred, only the careless client loses the money, not the careful trader. This TOTP is a hassle, especially for mobile users; it will be good if TOTP is cancelled.

  48. L. Jagadeesh says:

    I need help to generate TPIN. I am not getting TPIN please give information as soon as possible

  49. Elwin says:

    I appreciate TOTP, but a feature phone user like me will have to buy a smartphone to trade now in illiquid stocks, for which I will have to shell out close to 10K. Can you suggest any other option than this?

  50. Rajashekhar.A.Hosamani says:

    If our mobile is lost, the robber will get access to our account easily; with this TOTP authenticator app he will get both the key & the lock.

  51. Sanjay says:

    I don’t know why Zerodha always makes it tough to sell shares: sometimes it created a PIN, sometimes a CDS PIN, and then always some new funda.

    I don’t see any fraud at other brokers, because of the simple step flow: a login ID if you sell and buy, no other PIN, only the app login. Many times I enter a different type of PIN, the share price goes down within that time, and I lose money many times. Why do you fear every person?

  52. Ravi teja says:

    Because of your restrictions I lost the chance to invest in the Alchem scrip at 2 rupees.
    Your job is to facilitate the trading, not to choose. It’s better you stick to your job and improve your platform to handle market volatility rather than this shitty setup to buy scrips.

    • Srikant says:

      Absolutely, I too missed such an opportunity lately.
      This is such a non-sense move, why can’t we have everything right with at least one broker!

  53. HK Thakur says:

    Was going to open a demat with zerodha.

    after reading this article and response from Zerodha….. called UPSTOX.

    Just for your Team “Risk is not knowing what you are doing”

    you might be knowing who said so.

  54. Gajala parween says:

    Thanks zerodha time to time gird

  55. SD says:

    @Nithin/ Matti,
    What Nonsense! Why are you deleting our comments raising valid points?
    Why initiate such action if you cannot justify it?
    My point is very simple. Why are you (Zerodha) exposing your clients’ login credentials to a third party server/app? You must take responsibility for any eventual loss due to this.
    If you say no, you are not doing that, then you must accept that you are restricting and imposing on the client what they should buy and what not. It is either or, as simple as that.
    Many do not know how a third party app is dangerous for financial transactions. Use simple SMS OTP instead of that.
    If you delete again then I have to forward my view to the exchange and SEBI with a copy to you. Don’t restrict trade for clients who do not want this.

    • Prem_Nath says:

      Agree!!

      They want a control over market.

      they are acting like ” Daddy knows the best.”

      There is no such guideline from SEBI that an investor requires permission from his broker to trade/invest in a particular scrip.

    • SIJI K says:

      @SD, Please read up on OAuth. Nothing is being compromised by Zerodha here. They are doing it for your safety only. Perhaps you should read the article carefully.

      One suggestion for Zerodha – Better create a video or host a webinar. Things get much more clear in video than an article.

  56. Sharma ji ka Beta says:

    Suppose I enable TOTP once, can I disable it if I do not need to trade in illiquid scrips ?

  57. Vijaya Krishna says:

    Is it possible to disable TOTP and get back to regular PIN based authentication once I enable TOTP?

    Suppose some day I want to buy some illiquid stocks (not on regular basis), that day I use TOTP and other days I disable TOTP and use regular PIN. Is it possible?

  58. Tarun Gupta says:

    I setup TOTP using Google Authenticator but since then I am unable to login to my account.
    Do we need to update the Zerodha Kite as well because it is still asking me to enter PIN.
    I can’t see the screen that you have shown in the last step in this article for setting up TOTP.
    Please help me out ASAP.
    It’s very urgent

  59. SKtyagi says:

    Dear Matti,
    I have a few suggestions if you like to implement:

    1. Instead of forcing a new thing, better to make it optional, a choice whichever a trader like, can choose. Like Tradingview charts or chartIQ. Give users a choice between 2FA authentication or PIN or TOTP, or any two or three.

    2. The price change can be viewed as in percentage or absolute terms, why not both?? Some traders may have fullHD or UHD/4k display. Let them see more info on the screen. Small change is required, checkbox instead of radial button.

    3. Give option to save charts layout, and option to display more than 4 charts.

    4. Either give full access to tradingview charts, or implement more features from there to chartIQ.

    5. Only 2 ticker prices r shown on top, give option for more, who have more space.

    Enough for now.
    Sanjay

    • SIJI K says:

      Zerodha is like a low cost carrier, so it is a sin to expect basic things from them. Very basic things or bugs like missing sorting on certain columns have been notified to them, but they say its not priority for them. There are lots of basic features that are missing.

  60. MHASHEVI KHARUTSO says:

    Does this mean that if we don’t trade in risky illiquid stock, we don’t need to generate TOTP? Or is it compulsory to create TOTP by any means?

  61. Arun says:

    Hi,

    While this is a good step to protect the customer, the challenge that remains is also around Zerodha not letting customers buy far OTM weekly options. This prevents the customer from hedging long term options that the customer has sold. Is there a plan to enable the customer to buy weekly far OTM options for hedging an existing long term position?

  62. Ashok Kumar says:

    Where can I find the list of this type of stock,
    so that I am aware not to trade in this type of stock?

  63. SIJI K says:

    Something thoughtful to protect the investors !!

    BTW, when are you coming up with multiple holdings in kite to aid in segregating LT and ST investments.

  64. Atul says:

    Zerodha being the worst broker!

  65. Nagarjuna Reddy N says:

    The idea is good, but customers are dissatisfied due to OTP not being received on time.
    Today I have reset the TOTP PIN, but when I try to login on mobile or web I am not receiving any OTP.

    I would request you to please share the process to unlock or delete the PIN.

    Regards,
    Nagarjuna Reddy N

  66. Sandeep Bhagwanji Gangani says:

    I have two accounts, one of mine and another of my wife; both are logged in one by one from my mobile only, because my wife has no smartphone. How is authentication to be done from one Google Authenticator? Please suggest for both these accounts.

  67. Sandeep Bhagwanji Gangani says:

    Richer motor was a penny stock in the past; do you want to restrict the same so that your clients do not get rich? I think it is time to change the broker or else change the system. Instead, do one thing: do not allow logging in via a link, and make it compulsory to use the site by typing the name in a secure browser, like https.

    In the past I had a stock named Alok Inds which I got at 15 Rs in 2008 and wanted to average at 2, but Zerodha rejected the order, and the same stock was allowed when it came to 100. What is the benefit of an account in Zerodha?

    • Matti says:

      We are not restricting you from buying! We just want to make sure that it is indeed you and not a scammer taking the trade, so you just need to enable an extra layer of security!

  68. Rupa k says:

    Instead of forcing a new thing, better to make it optional, a choice whichever a trader like, can choose. Like Tradingview charts or chartIQ. Give users a choice between 2FA authentication or PIN or TOTP, or any two or three.

  69. Anil Chauhan says:

    I have two doubts in my mind that I expect you to clear, as below.
    1) Without TOTP, can we buy illiquid stock for trading, or if it is allowed, is it necessary to have TOTP when selling?
    2) Without TOTP, can we buy liquid stock for trading?
    3) According to you, are the scrips in the Nifty 50 list liquid or not? Can we trade in them without TOTP?

    • Matti says:

      1 &2) you need TOTP to buy risky stocks.
      3) Nifty options of the current and next month are considered liquid. If any contract is not considered liquid, we’ll show you a warning on the order window.

  70. Rahul says:

    There is no option to scan the bar code using my own phone, so I used some other phone with Google Authenticator. And there is no option to disable two-factor authentication. I am not able to login now because that mobile was some other person’s. Now how do I login?

  71. Aparna Majhi says:

    Thanks a lot to Team Zerodha. Zerodha is not only a broker but also a safeguard of its clients. This is the cause of the rapid increase in the clients of Zerodha. Zerodha has built the faith: “Zerodha never cheats and does not allow any client to be cheated.” Go ahead my beloved Zerodha. Go ahead Zerodha.

  72. Vijaya Krishna says:

    Hi Zerodha Team,

    Your intentions are good, however, I see the following issue with this approach.

    The authentication is made completely dependent on mobile. What if mobile goes down for some reason after someone initiating the positions? Is there any way to login to kite web without the mobile to take care of the positions?

    The resolution can be to make the authentication of TOTP optional. If someone used it to login then do not restrict them to take the positions in illiquid stocks. If someone used PIN and trying to take positions in illiquid stocks, then ask the TOTP only once per that login session.

  73. Vijeesh says:

    Instead of totp can i still use the mail option?

  74. James B says:

    There are several reasons why TOTP on mobile is not always feasible:

    1. Mobile may have run out of charge.
    2. I may be in a location where the connection is not good.
    3. My mobile maybe in a different location.

    Please give user the option to receive TOTP on mobile OR email ID, after 1-step verification is complete at login.

    Thanks

    • Matti says:

      That is not how TOTP works. TOTP is designed to be bound to one hardware device, i.e., your mobile phone. This ensures that only the user is logging in.

  75. ASHOK KUMAR GUPTA says:

    Sir, my TOTP option is not activated. I have followed your procedure, but the 6 digit number is not accepted.
    The message shows ” invalid TOPT”.
    Please help me, sir.

  76. Sameer says:

    Bunch of nonsense.
    Recently I raised this issue with Zerodha how their system stopped me from buying a 3 rupee stock by telling me its for my safety.
    Clearly they woke up and came with this thing which is as nasty as the previous of blocking trades of clients.

  77. Sumit says:

    i am approved but its show order fail ???

  78. Srinivasa babu Somepalli says:

    What is this yaaar…
    Always compelling clients to follow very critical mandatory procedures… very lengthy & a headache.. introduce simple methods yaar…

  79. Roy says:

    I’ve enabled TOTP and used it to login to kite. But the nudge alert still says, “Intraday trades are not allowed.” because it is an illiquid security. Now that the phishing scam would not be possible since we login using TOTP, I don’t understand why intraday trades are still not allowed?

    • Matti says:

      Intraday trades are still not allowed in these stocks because the risk is still significant. Most of these stocks have been restricted from intraday trading by the exchanges themselves. TOTP is required only if you wish to buy these stocks for long-term investments while aware of the risks.

  80. SB says:

    I dont use Smart phone , Only kite web , whats the way to setup TOTP in such case ?
    Please let me know the process

  81. Pradeep Kumar says:

    I was not receiving the OTP mail on my linked email. I raised a ticket but still no response. Having a 4-day delay to enable TOTP means a lot to traders. Fingerprint on the mobile app should have bypassed this authentication through the webpage.
    It’s a waste of time/missing trade when it’s needed. Already Nudge have been alerting the users.

    I understand ur point of security but this totp is not making sense to me. Please ensure New features enables speed and ease the application use but not trouble the users.
    Thank you,
    Pradeep Kumar.

  82. Nemish says:

    I am using TOTP & have 1 query.
    While logging in to kite on mobile, TOTP was asked only once. On a daily basis, the app doesn’t prompt for TOTP & directly logs me in with fingerprint authentication.
    But while logging thro PC, TOTP is asked for everytime i login.
    Just want to confirm above whether it is ok?
    Tnx & rgds
    Nemish

  83. Indrajeet says:

    Mobile app has stopped working properly since Thursday.
    None of the Strike price of BANKNIFTY & NIFTY are showing in search option.
    Only BANKNIFTY of SEPTEMBER expiry
    are available.
    No stock can be searched at all. What kind of mess is this?
    Zerodha’s helpline number gives no response for hours.

  84. Mohd Anees Ansari says:

    This feature is useless. A lot of people will be troubled by it.

  85. Jindal says:

    This really is frustrating. Adding hurdles to a process which should be straightforward.

    Please make this an optional requirement. People who think they might be compromised can opt for this feature and others like me who dont want these extra steps and like a more ‘free’ experience can opt out. Making this mandatory is a bad decision.

    A few scenarios:
    1. What if I want to trade in my dad’s account today? I don’t want to bug him in the morning by calling him and asking him to struggle with his phone to let me know the OTP
    2. What if my phone is a Nokia 1100 and I don’t want to upgrade OR install 3rd party apps OR the phone is lost [ how can any of these be reasons that should prevent me from trading freely ]
    3. Already a security conscious person and never fallen for phishing frauds

    It’s not the broker’s job to babysit all customers, but just to provide a seamless service. At least provide an option for customers to opt out of this feature on their own, like submitting an online application etc.

    • Ravi says:

      Yes even to check the portfolio for different family members accounts, we need to call them now and keep asking the otps. Simple task has become a problem

  86. chida says:

    I don’t use a smartphone, only Kite web.
    I have a Nokia 110 phone and I don’t want to upgrade.

    Please make this an optional requirement.

    how can any of these be reasons that should prevent me from trading freely ]
    1. Already a security conscious person and never fallen for phishing frauds
    It’s not the broker’s job to babysit all customers, but just to provide a seamless service. At least provide an option for customers to opt out of this feature on their own, like submitting an online application etc.

  87. sheik ahamed says:

    The google authenticator doesnt have any security like asking my finger print or pattern to generate otp,, anyone with my unlocked mobile can generate otp and enter into my account ?? is this really this much insecure or am I missing anything here ? when we use our pin to login, even if we lose our mobile and its unlocked they cant log in into my account without the pin,, but with this method they can generate otp and login into the kite app

  88. JISHNU DEBNATH says:

    Is it mandatory for fifty stocks of Nifty ?? or only to trade with penny stocks.

  89. Gautam kumar says:

    Hello guys, I have been using the Zerodha platform for the last 3 months and I have had a great experience with all its platforms: easy to use and fast service. In my point of view Zerodha is the best broker platform in India. I only want one feature in Zerodha, which is margin in delivery; if they can manage this feature then it would be an awesome thing.

  90. NANDEESHA R P says:

    I can’t find client ID on top right as shown in your snapshot. Pl.guide us properly and give full/complete instructions.

    Thanking you

    • Matti says:

      What do you see on the top-right corner of Kite? It is impossible to not see the client ID there because the platform is the same for everyone. If you are looking at this on a mobile browser, please click on the round photo.

  91. Sadi kumar says:

    What’s illiquid scrips

  92. Arvind Singh Rawat says:

    Hello Zerodha,
    Thank you for the concern to safeguard your customers against phishing attacks. I have a query regarding TOTP: I have already set up the authenticator on my primary mobile, but how can I use the Kite app on my second mobile too? Can I do that?

  93. Dr. Sivasankar Kandasamy says:

    One totp daily basis or everytime we have to generate new totp for login

  94. malQ says:

    Request “read only” non-transaction log-in option also to be able to share with Chartered Accountant for example. Many thanks.

  95. R.Shrikant Rao says:

    Dear Sir ,
    Today I enabled TOTP using the web platform on a desktop computer. But when I use the Kite app on a smartphone (OnePlus 3T) it asks to enter user ID and then password, and then it asks to enter TOTP in the box. To enter TOTP I have to go to the Google Authenticator app to read the OTP, and when I come back to the Kite app to enter the OTP in the box it disappears and a new page of the Kite app showing user ID and password opens. In this way I am unable to enter the OTP, and the Kite app is not opening on the smartphone but opens on desktop. Please solve my problem. Thank you. R.Shrikant Rao 9425507228

  96. yuvaraj says:

    Matti,

    I use a feature phone. How can I setup TOTP please?

    Yuvaraj

  97. SD says:

    Hello Nithin & team,
    It is very sad to see that our favourite broker Zerodha has stopped listening/solving some genuine problems of its customers while enforcing this compulsory TOTP features. A few examples:
    1. If you don’t have smartphone you can not invest in most of companies having Mcap less than 500 Cr.
    2. So what even if you pay a few thousand per month as brokerage your view does not matter now.
    3. If you want to invest in small cap companies than you have to let go your personal security and choice to protect your trading account and have to enable TOTP with a third party app.
    4. Zerodha will decide which company needs TOTP and put in restrictions, not only NSE/BSE. There is no rationale on decision making and no publicly stated rule. How do you decide which company deserves to be there or not? I can give you hundreds of examples and counter examples.
    5. Many more.

    Requesting you again for the fourth time: Pls. don’t make this feature compulsory for all. I myself had to let go of a few opportunities to average some of my previous holdings. 90 percent of big companies start from very small. Most importantly we should not forget to listen to those who held your hand much before others did. Time may be good or bad. It will pass through.

    For many like me, must be thinking a number of times because of this silly step… should we move on?… Or should I change the broker? In a big dilemma!

    • SD says:

      Just to add, I still find Zerodha very good in terms of many other user and customer friendly innovation and initiatives it took in the past and continuously doing. But we really don’t like the compulsory implementation of TOTP (third party mobile app dependency) and trading/investing restrictions. Just make a poll your view will be opposed by more than 95%.

      I am still hopeful that Zerodha will remove these restrictions or make it optional based on thousands of feedback they received.

      People just don’t like restrictions if they pay or are ready to pay a substantial amount for those services which were supposed to be available.

      I know that the investment in T2T segment stock earn Zerodha zero brokerage but restriction on it will affect many customers who also trade in f&o and earn zerodha thousands of rupees every month alongside their investment in all kind of stocks.

  98. Raviraj Rao says:

    Why are you preventing us from buying penny scripts. Please remove this TOTP business. We should have freedom while selecting scripts. We are responsible for any acts done. Please dont act like police.

  99. shaik basha says:

    Good totp

  100. Santhosh says:

    I tried to enable TOTP, but that’s not working still. Whenever i try , getting error msg like Password incorrect though i enter correct password. Raised ticket on this issue. But there is no response from Zerodha support team. Don’t know why Zerodha doing like this

  101. Yogita says:

    I enable Google authenticate but not able to place order in app.
    It is working on web.
    Also my GTT NOT TRIGER

  102. suraj says:

    TOTP should not make mandatory for a few stocks by Zerodha. It should be optional by putting disclaimer. I don’t have time to enter every time TOTP in the mobile app if I killed and relaunched the app. This feature not beneficial at all. should provide the option to opt-out.

  103. Madhu says:

    It became very difficult zerodha……TOTP. The process of TOTP and google account…..all this become problem scanning QR code………..Why this? how to avoid…..It is liquidate shares giving warning message is enough for the customer….not more than that……Pl. remove the barrier…at the earliest.

  104. Madhu says:

    TOTP ……. is waste job…….Giving warning sign is enough for penny scrips…..why all this, our ZERODHA account become difficult for operation……
    I tried a number of times to place the order, not successful…..

  105. Murli says:

    If an investor has purchased a stock through your website without any restriction, then why do you now suddenly stop him from selling it from his demat account by saying it is risky, illiquid, connected with SMS tips etc.? Why should he need to use TOTP? Why are you not allowing him to rectify the situation by at least allowing a sell to get out of the penny stock? This is not acceptable. Will you be responsible for the fall in value and subsequent loss? If somebody wants to sell from his demat account and get out, you should not block his selling since you had allowed him to buy in the first place. At least allow him to sell and exit, not buy, without this shit TOTP business.

  106. Mukund ramani says:

    The trade is not getting placed.
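
Several comments above ask how the six-digit codes behave: whether a new code is needed at every login, whether one authenticator app can hold two accounts, and why a code can be rejected. The following is an added example, not part of the original post and not Zerodha's code. It implements RFC 6238 TOTP assuming the common authenticator defaults (HMAC-SHA-1, 6 digits, 30-second step); the secrets and the `verify` helper are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per code; assumed RFC 6238 default
DIGITS = 6    # assumed default used by common authenticator apps


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 code for the time step containing unix_time (HMAC-SHA-1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, server_time, window=1, last_counter=None):
    """Hypothetical server-side check (not any broker's real logic).

    Accepts codes from `window` steps either side of the server clock to
    absorb small clock drift, and skips any step at or before
    `last_counter` so an already-used code cannot be replayed.
    Returns the matched step counter, or None if the code is rejected.
    """
    current = int(server_time) // STEP
    for counter in range(max(0, current - window), current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


# Constructed secrets. The first is the RFC 6238 test key; the second stands
# in for a second account enrolled in the same authenticator app.
ACCOUNT_A = base64.b32encode(b"12345678901234567890").decode()
ACCOUNT_B = base64.b32encode(b"constructed-secret-2").decode()


def demo():
    t = 59  # RFC 6238 test time, inside step counter 1
    code_a = totp(ACCOUNT_A, t)
    return {
        "code_a": code_a,                          # code for account A
        "code_b": totp(ACCOUNT_B, t),              # independent code for B
        "next_step_a": totp(ACCOUNT_A, t + STEP),  # changes every 30 s
        "accepted_30s_late": verify(ACCOUNT_A, code_a, t + 30),
        "rejected_5min_late": verify(ACCOUNT_A, code_a, t + 300),
        "rejected_replay": verify(ACCOUNT_A, code_a, t, last_counter=1),
        "rejected_wrong_account": verify(ACCOUNT_B, code_a, t),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Each code depends only on the enrolled secret and the current 30-second step, so every enrolled account gets its own stream of codes, and a device clock that is minutes off produces codes outside the accepted window.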
