- Prevents changes being made to your Kraken account.
- Hides sensitive account information.
You will also be notified via email of any attempted unlock of the GSL on your account. Depending on your settings, a GSL unlock without a Master Key takes a minimum of 24 hours (or up to 30 days). This gives you time to take action in the event of a compromise.
Who should use the Global Settings Lock?
Since the entire purpose of the GSL is to prevent account changes, the GSL should be enabled once you have finished setting up, verifying, and customising your account.
The GSL is particularly useful when you're on vacation or not planning to use your Kraken account for a while.
However, the GSL is still important even for regular, active clients. Without the GSL enabled, an attacker who gains access to your account can turn off or change Two-factor Authentication (2FA) for sign-in, deposits & withdrawals, trading, and the Master Key.
For example, you may have set up 2FA for trading, but if an attacker compromises your account and you did not have the GSL on, they can simply turn the trading 2FA off and then proceed to perform trades on your account.
If you want to learn how to setup the Global Settings Lock, click here.
What information is affected?
- Security page
- Documents page
- Email address
- Trading & ledger history
What actions are affected?
- Adding withdrawal bank account
- Adding withdrawal address (crypto)
- Increasing your verification level
- Changing your password
- Changing your email address
- Adding/changing any 2FA
- Adding/changing the master key
- Adding/changing the PGP public key
- Adding/changing API keys
- Fiat deposits
- Fiat withdrawals (to saved bank accounts)*
- Cryptocurrency deposits
- Generating new deposit address*
- Cryptocurrency withdrawals (to saved addresses)*
- History exports
- Staking and unstaking
- Futures transfers
*You'll be asked for a Funding 2FA code. If you do not have Funding 2FA enabled, just enter '0'.
**You'll be asked for a Trading 2FA code. If you do not have Trading 2FA enabled, leave the field blank.
How does the Global Settings Lock work?
The GSL can be enabled on the Settings tab of Kraken accounts, along with an option to set the waiting period for the unlock process.
To remove the GSL, a request needs to be made again on the Settings tab. The set number of days will then need to pass before the unlock will be complete.
An email notification is sent as soon as an unlock request is made.
Master Key override
A Master Key (if set up prior to the GSL) can be used to immediately remove the GSL. A Master Key can also be made as the only way to remove the GSL (by setting the unlock process to '0' days).
While the Master Key override option can be convenient, it comes with an increased security risk if your Master Key is compromised.
How can the GSL protect your account?
Suppose, for example, that you turn on the GSL with the unlock process set to take 7 days.
An attacker then compromises your computer and logs in to your Kraken account.
The attacker attempts to add their own Bitcoin withdrawal address to your account to steal your funds. When the attacker realizes that they cannot add a withdrawal address because the GSL is on, the attacker requests to unlock your settings.
You immediately receive an email notification of the unlock request, and have 7 days to sign in, re-lock the GSL, and contact Kraken Support.