The Global Settings Lock (GSL) is a security feature that:
- prevents changes being made to your Kraken account settings, and
- hides sensitive account information from view.
When enabled, even if an attacker compromises your account, they will be unable to:
- modify your account,
- add withdrawal addresses, or
- change the email address registered on the account.
You will also be notified via email of any attempted unlock of the GSL on your account, so you can take appropriate action to secure your account in the event of a compromise.
Who should use the Global Settings Lock?
It is particularly useful for those who hold funds in their account for extended periods of time.
What actions and information are affected?
| ✖ Account settings / Notification settings | Personal account verification information | ✓ Trading (2FA enabled for trading required) |
| ✖ Password changes | Security settings | ✓ Deposits to existing deposit addresses |
| ✖ Ability to add new withdrawal addresses | | ✓ Withdrawals to existing withdrawal addresses |
Are there security features that require the Global Settings Lock to be effective?
Yes. Without the Global Settings Lock enabled, an attacker who gains access to your account can turn off Two-factor Authentication (2FA) for login, deposits & withdrawals, trading, and the Master Key.
For example, you may have set up 2FA for trading. If an attacker compromises your account while the Global Settings Lock is off, they can simply turn 2FA for trading off and then proceed to perform trades on your account, because settings that are not locked can be modified.
How does the Global Settings Lock work?
Users can turn on the Global Settings Lock under the Settings tab on their account.
After the GSL is enabled, anyone who accesses the account will need to request an unlock and then wait a set number of days before the unlock will occur.
An email notification is sent as soon as an unlock request is made.
What if I set the GSL Unlock process to take more than '0' days?
After an unlock request is made, the unlock will occur only once the number of days you chose when you enabled the Global Settings Lock has passed.
This can be inconvenient when you need to modify your settings quickly, but it is an excellent feature when, for example, you go on vacation and don't want any changes made on your account while you are away.
If you want the option to quickly remove the GSL, you will need to set up a Master Key before you turn the GSL on. While this override option can be convenient, it comes with an increased security risk as your Global Settings Lock can simply be turned off using the Master Key.
What if I set the GSL Unlock process to take '0' days?
If you set your Global Settings Lock to '0' days, it will remain in place indefinitely.
In this case, a Master Key will be required to turn the GSL off and unlock your settings.
It's important to set up a Master Key on your account before you turn the GSL on with an unlock process set to '0' days.
If you set the GSL to 0 days (i.e. forever) and forget to set up a Master Key, you'll need to contact our support team to get the GSL removed.
Example of how the GSL can protect your account from an attack:
Suppose, for example, that you turn on the Global Settings Lock, with the unlock process set to take seven days.
An attacker then compromises your computer and logs in to your Kraken account. The attacker then attempts to add their own Bitcoin withdrawal address to your account to steal your funds. When the attacker realizes that they cannot add a withdrawal address because the GSL is on, the attacker requests to unlock your settings.
With the Global Settings Lock enabled, you would immediately receive an email notification of the unlock request, and would then have 7 days to log in and relock the GSL before the unlock occurs, while taking measures to secure your account at the same time.
In the case that you discover an unauthorized GSL unlock request, you can also immediately contact Kraken Support to temporarily disable your account until you are available to safely secure the account once again.
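A minimal model of the lock behaviour described on this page, added here as an illustration; it is not Kraken's code, and the class, the action names and the in-memory `outbox` are assumptions. `attacker_succeeds` replays the seven-day scenario with and without the owner relocking.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Actions the page lists as blocked while the lock is on (names are hypothetical).
BLOCKED = {"change_settings", "change_password", "add_withdrawal_address"}

@dataclass
class SettingsLock:
    unlock_days: int                    # 0 = never expires on its own
    master_key: Optional[str] = None    # hypothetical override secret
    locked: bool = True
    unlock_at: Optional[datetime] = None
    outbox: list = field(default_factory=list)  # stands in for notification emails

    def request_unlock(self, now: datetime) -> Optional[datetime]:
        """Notify the owner on every attempt; start the delay if one is configured."""
        self.outbox.append(f"{now:%Y-%m-%d} unlock requested")
        if self.locked and self.unlock_days > 0 and self.unlock_at is None:
            self.unlock_at = now + timedelta(days=self.unlock_days)
        return self.unlock_at

    def relock(self) -> None:           # owner cancels a pending unlock
        self.locked, self.unlock_at = True, None

    def unlock_with_master_key(self, key: str) -> bool:
        """Immediate override, and the only self-service path when unlock_days is 0."""
        ok = self.master_key is not None and hmac.compare_digest(
            key.encode(), self.master_key.encode())
        if ok:
            self.locked, self.unlock_at = False, None
        return ok

    def allows(self, action: str, now: datetime) -> bool:
        if self.locked and self.unlock_at is not None and now >= self.unlock_at:
            self.locked, self.unlock_at = False, None   # delay has elapsed
        return not (self.locked and action in BLOCKED)

def attacker_succeeds(owner_relocks_on_day: Optional[int] = None) -> bool:
    """Replay the page's seven-day scenario on a constructed timeline."""
    start, lock = datetime(2024, 1, 1), SettingsLock(unlock_days=7)  # constructed date
    lock.request_unlock(start)                    # the unauthorized unlock request
    for day in range(9):
        if day == owner_relocks_on_day:
            lock.relock()
        if lock.allows("add_withdrawal_address", start + timedelta(days=day)):
            return True
    return False
```

In this model, relocking at any point before the seventh day keeps the withdrawal-address change blocked, while ignoring the notification lets the unlock complete.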