What is the Global Settings Lock (GSL)?

The Global Settings Lock (GSL), when enabled, acts as the last line of defense if your login password and login 2FA are compromised.

The GSL:

  1. Prevents changes being made to your Kraken account.
  2. Hides sensitive account information.

You will also be notified via email of any attempted unlock of the GSL on your account. Depending on your settings, a GSL unlock without a Master Key takes a minimum of 24 hours (or up to 30 days). This gives you time to take action in the event of a compromise.

Who should use the Global Settings Lock?

Since the entire purpose of the GSL is to prevent account changes, the GSL should be enabled once you have finished setting up, verifying, and customising your account. 

The GSL is particularly useful when you're on vacation or not planning to use your Kraken account for a while. 

However, the GSL is still important even for regular, active clients. Without the GSL enabled, an attacker who gains access to your account can turn off or change Two-factor Authentication (2FA) for login, deposits & withdrawals, trading, and the Master Key.

For example, you may have set up 2FA for trading, but if an attacker compromises your account and you did not have the GSL on, they can simply turn the trading 2FA off and then proceed to perform trades on your account.

If you want to learn how to setup the Global Settings Lock, click here.

What information is affected?

GSL Hides: GSL Shows:
🔒Security page ✓ Email address
🔒Documents page ✓ Trading & ledger history
  ✓ Balances

Note: Personal information, such as your name and address, is no longer viewable on Kraken accounts even when GSL is off.

What actions are affected?

GSL Prevents: GSL Allows:
🔒Adding withdrawal bank account ✓ Fiat deposits
🔒Adding withdrawal address (crypto) ✓ Fiat withdrawals
(to saved bank accounts)*
🔒Increasing your verification level ✓ Cryptocurrency deposits
🔒Changing your password ✓ Cryptocurrency withdrawals
(to saved addresses)*
🔒Changing your email address ✓ Trading**
🔒Adding/changing any 2FA ✓ History exports
🔒Adding/changing the master key  
🔒Adding/changing the PGP public key  
🔒Adding/changing API keys  

*You'll be asked for a Funding 2FA code. If you do not have Funding 2FA enabled, just enter '0'.

**You'll be asked for a Trading 2FA code. If you do not have Trading 2FA enabled, leave the field blank.

How does the Global Settings Lock work?

The GSL can be enabled on the Settings tab of Kraken accounts, along with an option to set the waiting period for the unlock process.

To remove the GSL, a request needs to be made again on the Settings tab. The set number of days will then need to pass before the unlock will be complete. 

An email notification is sent as soon as an unlock request is made. 

Master Key override

A Master Key (if set up prior to the GSL) can be used to immediately remove the GSL. A Master Key can also be made as the only way to remove the GSL (by setting the unlock process to '0' days).

While the Master Key override option can be convenient, it comes with an increased security risk if your Master Key is compromised. 

Example of how the GSL can protect your account from an attack:

Suppose, for example, that you turn on the GSL with the unlock process set to take 7 days.

An attacker then compromises your computer and logs in to your Kraken account.

The attacker attempts to add their own Bitcoin withdrawal address to your account to steal your funds. When the attacker realizes that they cannot add a withdrawal address because the GSL is on, the attacker requests to unlock your settings. 

You immediately receive an email notification of the unlock request, and have 7 days to log in, re-lock the GSL, and contact Kraken Support.