The Global Settings Lock (GSL), when enabled, acts as the last line of defense if your sign-in password and sign-in 2FA are compromised.
- Prevents changes being made to your Kraken account.
- Hides sensitive account information.
You will also be notified via email of any attempted unlock of the GSL on your account. Depending on your settings, a GSL unlock without a Master Key takes a minimum of 24 hours (or up to 30 days). This gives you time to take action in the event of a compromise.
Frequently asked questions
The GSL is particularly useful when you're on vacation or not planning to use your Kraken account for a while.
However, the GSL is still important even for regular, active clients. Without the GSL enabled, an attacker who gains access to your account can turn off or change Two-factor Authentication (2FA) for sign-in, funding, trading and the Master Key.
For example, you may have set up trading 2FA, but if an attacker compromises your account and you did not have the GSL on, they can simply turn the trading 2FA off and then proceed to perform trades on your account.
Learn how to setup the Global Settings Lock, click here.
To remove the GSL, a request needs to be made again on the Settings tab. The set number of days will then need to pass before the unlock will be complete.
An email notification is sent as soon as an unlock request is made.
Master Key override
A Master Key (if set up prior to the GSL) can be used to immediately remove the GSL.
While the Master Key override option can be convenient, it comes with an increased security risk if your Master Key is compromised.
- Security page
- Documents page
- Email Address
- Trading & ledger history
Note: Personal information, such as your name and address, is no longer viewable on Kraken accounts even when GSL is off.
- Adding withdrawal bank account
- Adding withdrawal address (crypto)
- Increasing your verification level
- Changing your password
- Changing your email address
- Adding or changing any 2FA
- Adding or changing the master key
- Adding or changing the PGP public key
- Adding or changing API keys
An attacker then compromises your computer and logs in to your Kraken account.
The attacker attempts to add their own Bitcoin withdrawal address to your account to steal your funds. When the attacker realizes that they cannot add a withdrawal address because the GSL is on, the attacker requests to unlock your settings.
You immediately receive an email notification of the unlock request, and have seven days to sign in, re-lock the GSL, and contact Kraken Support.