MLX Security
MLX uses a security methodology to authenticate users within the portal known as tiered authentication. The MLX security model consists of two “tiers” of access: Protected and Restricted.
In both cases, access is premised on permissioning. Authentication tokens (i.e., password and/or digital certificate) are obtained from MLX Client Services as required. Note that the applications and products described are specific to defined roles or users and may not be available to all customers in all jurisdictions.
Protected Access: Your Login ID and Password
Access to the portal and many of the features on the portal require only a Login ID and password. This is Protected access.
Your Login ID is unique to you. Please do not share it with anyone.
For security reasons, you will be prompted to change your password every 60 days. You may also change your password at any time by accessing the My MLX section of the portal or by contacting MLX Client Services.
We recommend that you change your password regularly. Please change your password immediately if you suspect that it has been compromised.
Restricted Access: Digital Certificates
Certain areas within MLX contain confidential account information or specialized functionality such as on-line trading. For the protection and the privacy of your information, access to these areas of MLX requires additional security. Users will be prompted to present a digital certificate upon entering these areas of the portal. This is Restricted Access.
A digital certificate is an electronic "credential" used to provide an additional level of security and ease the sign-on process to MLX. The certificate contains a unique certificate number and codes, which are stored in your Web browser. This information uniquely identifies each user to MLX.
If you would like to access a restricted application on MLX from multiple computers or browsers, you must contact MLX Client Services for information on exporting / importing your digital certificate.
We strongly recommend that you password protect the digital certificate from unauthorized use or copying and that you password protect your workstation, as well. Ultimately, it is the physical security of your workstation that is the best protection against unauthorized use of your access to MLX.
The following are frequently asked questions regarding digital certificates:
- Your public key
- Your name and email address
- Expiration date of the public key
- Name of the company (the Certification Authority (CA)) who issued your digital certificate
- Serial number of the digital certificate
- Digital signature of the CA
2) What kinds of applications on MLX do I need a digital certificate for and why?
You will need to present your digital certificate before accessing any area of MLX that may contain your organization’s individual account information, or any area of MLX that allows you to perform value-bearing transactions.
When used in conjunction with your Login ID and password, your digital certificate provides an additional layer of security that cannot be easily compromised.
3) How do I get a digital certificate?
When you are entitled for a Restricted Application, you will be asked to contact Client Services to obtain a passcode, required for a digital certificate. Client Services will take steps to confirm your identity, and upon doing so, will provide you with your passcode. Downloading of your digital certificate is a short process that takes under two minutes.
4) I work from home (or another location). Can I use my digital certificate from there, as well as from my office computer?
Yes. However, you will need to export your certificate from your first computer, and then import the certificate into your second computer. This process takes about five minutes, and requires a floppy disk. Please contact MLX Client Services for step-by-step instructions on how to import and export digital certificates.
5) How do I use my digital certificate?
Log into MLX as normal using your Login ID and password. When you access a Restricted Application on MLX, a browser dialog box will appear, requesting that you present your digital certificate. If you have multiple digital certificates installed in your browser, you will be shown a list of digital certificates to choose from.
Select the digital certificate, and click the button to continue. You will not be prompted for your digital certificate again until the next time you log on to MLX.
6) How long does my Digital Certificate last?
Your Digital Certificate is valid for one year from issuance. As the expiration date of your certificate approaches, you will be notified via e-mail with instructions on how to renew the certificate.
7) Can I give my digital certificate to someone else?
No. Your digital certificate represents your identity, much like a passport or a driver’s license. It cannot be shared.
8) What do I do if I suspect my digital certificate has been compromised?
If you believe that your digital certificate has been compromised (for example, your laptop is stolen, or there has been unauthorized entry into your workstation), contact MLX Client Services immediately. They will revoke your certificate and reissue a new one.
9) I travel a lot. Can I use my digital certificate from a public computer, such as in an airport?
No. The risk of an unauthorized individual gaining access to your certificate is too high. If you need to export your digital certificate for use while traveling, please use it only on secure, private workstations, and be sure to delete the certificate from the workstation after you are finished with it. MLX Client Services can provide you full details on this process.
10) I no longer require access to MLX. What do I do with my digital certificate?
Please contact MLX Client Services. They will assist you in revoking the digital certificate.
1) What is a digital certificate?
A digital certificate, sometimes called a digital ID, is a file on your computer that identifies who you are. Some software applications use this file to prove your identity to another person or computer.
A digital certificate typically contains the following information:
Merrill Lynch's Commitment to Security
At Merrill Lynch, we recognize that there are inherent risks when using the Internet and are committed to providing our clients with an environment that is as secure and private as possible. To help ensure that we meet this commitment, Merrill Lynch employs sophisticated information security technology for user authentication, user authorization and privacy.
User Authentication
To ensure that only approved, authorized personnel have access to MLX, all users must prove who they are before they are allowed into the site. Supplying this proof, called authentication, is required at two levels:
1) To gain access to the protected area of MLX, you must possess a valid Login ID and password.
2) For access to a restricted portion of MLX, you will be prompted for a Login ID, password & Digital Certificate.
Login IDs, Digital Certificates and passwords are supplied by Merrill Lynch. To request access to MLX, contact MLX Client Services by selecting "Contact Us" at the top right hand corner of the screen or contact an ML Account Representative.
Once you are an authenticated user, you must then be authorized to access specific functions and information within MLX and its products. This level of authorization ensures that you can only access information and functions that are appropriate for you. User authorization is determined and updated in the system at the time you are approved for access.
Privacy
We employ encryption technology called Secure Socket Layer (SSL). SSL encrypts data transmitted between your computer and MLX, with a session specific, one time only key. This encrypted connection is automatically established between MLX and your browser and uses the key to encrypt/decrypt the data sent via the Internet. Without this key, an unauthorized user will be unable to make sense of any data they might intercept.
To see if you are using an SSL session, look at the bottom bar of your browser. If you see a small lock icon, it means you are processing in SSL mode. You will also notice https:// in the Web site address.
Current as of: 8 June 2001
Neither the information nor any opinion contained on this page constitutes a solicitation or offer by Merrill Lynch to buy or sell any security, futures contract, options contract, financial instrument or service. Certain products and services may not be available to you. The information on this page is not intended for distribution to or use by any person or entity in any jurisdiction where (a) distribution or use of such information would be contrary to law or regulations, or (b) Merrill Lynch would become subject to new or additional legal or regulatory requirements. If you have a contractual relationship with a Merrill Lynch entity that extends to products and services referenced on this page, the communications made hereby are and shall be deemed made, as the context may require, by such entity. For further details, please click "Terms and Conditions of Use and Privacy Statement" below.