At Kraken, we prioritize and invest heavily in security. However, don't let this put your own guard down. No amount of security on our end can make up for poor personal security.
It is vital for clients to take advantage of the account security tools and advice that we offer.
Basic (must do)
- Set up Two-factor Authentication (2FA) for login, ideally using a Yubikey, and do not back it up in an unsecure way! This is the most important security feature.
- Set up a Master Key to require authentication for account recovery. Make sure it is set up using a different method from Login 2FA. For example, if you use a Yubikey for Login 2FA, then use authenticator app or a different Yubikey for the Master Key.
- Secure the email account registered to your Kraken account with a strong password and Two-factor Authentication (2FA). Remove any and all phone numbers from your email account.
Beware of the following (must know)
- Phishing scams. Even Login 2FA can't protect your account if you enter it on a phishing website or share it with a scammer.
- Phone support scams.
- Phone number hijacking.
- Set up Two-factor Authentication (2FA) for withdrawals and trading. However, the Global Settings Lock must be enabled in order for these 2FAs to be effective.
- Enable the Global Settings Lock (GSL) to lock down your account and 2FA settings and to prevent withdrawal addresses from being added even if an attacker gains access to your account. Be sure to first set up the Master Key before enabling the GSL.
- If your email supports PGP signing and encryption, provide us with your PGP key to receive signed and encrypted email from us.