For information on changes for our US clients, please visit our Support Center article.

Search
What is the Global Settings Lock (GSL)?
The Global Settings Lock (GSL), when enabled, acts as the last line of defense if your sign-in password and sign-in 2FA are compromised.
The GSL:
  1. 1
    Prevents changes being made to your Kraken account.
  2. 2
    Hides sensitive account information.
You will also be notified via email of any attempted unlock of the GSL on your account. Depending on your settings, a GSL unlock without a Master Key takes a minimum of 24 hours (or up to 30 days). This gives you time to take action in the event of a compromise.

Frequently asked questions

Who should use the Global Settings Lock?
Since the entire purpose of the GSL is to prevent account changes, the GSL should be enabled once you have finished setting up, verifying, and customising your account. The GSL is particularly useful when you're on vacation or not planning to use your Kraken account for a while. However, the GSL is still important even for regular, active clients. Without the GSL enabled, an attacker who gains access to your account can turn off or change Two-factor Authentication (2FA) for sign-in, funding, trading and the Master Key.
For example, you may have set up trading 2FA, but if an attacker compromises your account and you did not have the GSL on, they can simply turn the trading 2FA off and then proceed to perform trades on your account. Learn how to setup the Global Settings Lock, click here.
How does the Global Settings Lock work?
The GSL can be enabled on the Settings tab of Kraken accounts, along with an option to set the waiting period for the unlock process.
To remove the GSL, a request needs to be made again on the Settings tab. The set number of days will then need to pass before the unlock will be complete. 
An email notification is sent as soon as an unlock request is made.

Master Key override

A Master Key (if set up prior to the GSL) can be used to immediately remove the GSL.
While the Master Key override option can be convenient, it comes with an increased security risk if your Master Key is compromised.
What information is affected?
GSL Hides:
  • Security page
  • Documents page
  • Email Address
GSL Shows:
  • Trading & ledger history
  • Balances
What actions are affected?
GSL Prevents:
  • Adding withdrawal bank account
  • Adding withdrawal address (crypto)
  • Increasing your verification level
  • Changing your password
  • Changing your email address
  • Adding or changing any 2FA
  • Adding or changing the master key
  • Adding or changing the PGP public key
  • Adding or changing API keys
How can the GSL protect your account?
Suppose, for example, that you turn on the GSL with the unlock process set to take seven days.
An attacker then compromises your computer and logs in to your Kraken account.
The attacker attempts to add their own Bitcoin withdrawal address to your account to steal your funds. When the attacker realizes that they cannot add a withdrawal address because the GSL is on, the attacker requests to unlock your settings. 
You immediately receive an email notification of the unlock request, and have seven days to sign in, re-lock the GSL, and contact Kraken Support.