If you use an authenticator app like Google Authenticator, Microsoft Authenticator, Authy or Duo, before recovering your sign-in 2FA, make sure you are entering the correct code for signing in and that the time settings of the device you are using to sign in with are set to automatic.
You can only recover your sign-in 2FA if you created a Master Key. If you do not have a Master Key or lost access to it please submit a support request.
How to bypass 2FA with a Masterkey
- Navigate in your browser to pro.kraken.com. Click sign-in then click on Help.
- Click on Recover my sign-in 2FA. Enter the email address associated with your Kraken account, the username, the Master Key; and finally click on Get bypass code.
- Navigate to the inbox of your email account, open the email with the subject Kraken Security - 2FA Bypass Requested, and verify that it was sent by email@example.com.
- Copy the code of the first purple field as seen above, and then navigate back to the page where you started the 2FA recovery. Enter your password and paste your bypass code into their respective fields, and click on Sign in.
- Once signed in, click on your name in the upper right corner, click on Settings followed by 2FA Settings.
- Click on the Security tab. In the Two-Factor (2FA) Sign-in section, click on Change method.
- Click on Use Master Key instead, and finally enter your Master Key.
- Set up a new Sign-in 2FA.
Click here for a guide on how to setup Two-Factor Authentication on your account on Kraken Pro.
What is a Master Key?
A Master Key is an additional password that allows you to:
- Prevent an unwanted password reset, even if your email account is compromised (If enabled, the Master Key is required to reset your Kraken sign-In password).
- Bypass sign-in Two-factor Authentication (2FA) if you lose access to it (for this reason, sign-in 2FA and Master Key should always be kept separate).
- Turn off the Global Settings Lock (GSL) immediately if enabled on your account.
Note: Master Key should not be confused with sign-in Two-factor Authentication (2FA).
We recommend setting up a Master Key in combination with other security features.
What methods are available to use as your Master Key?
- Hardware Security Key (most secure)
A USB device that you insert into your computer which generates a unique passcode every time you touch or tap the device. This unique passcode would be, in this case, your Master Key and it would change with every use.
- Authenticator app (moderately secure)
Usually installed on a smartphone and generates a 6-8 digit passcode every 30 seconds. As with a Hardware Security Key, this unique passcode would be your Master Key and would change with each use.
- Static password (least secure; not recommended)
To be used if you want your Master Key to be a text password of your choice. As a static password does not change with each use, it’s less secure than the other options and should be long and complex enough not to be guessed.