What is the Global Settings Lock (GSL)?

The Global Settings Lock (GSL) is a security feature that prevents changes being made to your Kraken account settings and hides sensitive account information from view. When enabled, even if an attacker compromises your account, they will be unable to modify your account, add new withdrawal addresses, or change the email address registered on the account. You will also be notified via email of any attempted unlock of the GSL on your account, so you can take appropriate action to secure your account in the event of a compromise.

If you just want to learn how to set up the Global Settings Lock, click here.

Who should use the Global Settings Lock?

The Global Settings Lock, combined with Two-factor Authentication for login, is recommended for all Kraken users. It is particularly useful for those who hold funds in their account for extended periods of time.

What actions and information are affected?

Locked:
- Account settings / Notification settings
- Password changes
- Ability to add new withdrawal addresses

Hidden:
- Personal account verification information
- Security settings

Available actions:
- Trading (2FA enabled for trading required)
- Deposits to existing deposit addresses
- Withdrawals to existing withdrawal addresses

Are there security features that require the Global Settings Lock to be effective?

Yes. Without the Global Settings Lock enabled, an attacker who gains access to your account can turn off Two-factor Authentication for login, deposits & withdrawals, trading, and the Master Key. For example, you may have set up 2FA for trading, but if an attacker compromises your account while the Global Settings Lock is off, they can simply turn 2FA for trading off and then proceed to perform trades on your account, because settings that are not locked can be modified.

How does the Global Settings Lock work?

Users can turn on the Global Settings Lock under the Settings tab on their account. After the GSL is enabled, anyone who accesses the account will need to request an unlock and then wait a set number of days before the unlock will occur. An email notification is sent as soon as an unlock request is made. 

What if I set the GSL Unlock process to take more than '0' days?

After an unlock request is made, the number of days you chose for the unlock process when the Global Settings Lock was enabled will need to pass before the unlock occurs. This can be inconvenient when you want to modify your settings quickly, but it is an excellent feature when, for example, you go on vacation and don't want any changes made on your account while you are away.

What if I set the GSL Unlock process to take '0' days?

In this case, a Master Key will be required to turn the Global Settings Lock off and unlock your settings. You should set up a Master Key on your account before you turn the Global Settings Lock on with an unlock process set to '0' days.

This override option can be convenient, but comes with an increased security risk, as your Global Settings Lock can simply be turned off using the Master Key.

An example of how the Global Settings Lock can protect your account from an attack:

Suppose, for example, that you turn on the Global Settings Lock, with the unlock process set to take seven days.

An attacker then compromises your computer and logs in to your Kraken account. The attacker then attempts to add their own Bitcoin withdrawal address to your account to steal your funds. When the attacker realizes that they cannot add a withdrawal address because the GSL is on, the attacker requests to unlock your settings.

With the Global Settings Lock enabled, you would immediately receive an email notification of the unlock request, and would then have 7 days to log in and relock the GSL before the unlock occurs, while taking measures to secure your account at the same time.

If you discover an unauthorized GSL unlock request, you can also immediately contact Kraken Support to temporarily disable your account until you are available to safely secure the account once again.
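
The seven-day scenario above and the '0'-day Master Key case, modelled as a small state machine. This is an added example, not Kraken's code: the class, method names and dates are hypothetical, and it only illustrates the delay, notify and relock behaviour the article describes.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class SettingsLock:
    """Hypothetical model of a delayed-unlock settings lock (not Kraken's code)."""
    unlock_days: int                      # delay chosen when the lock is enabled
    locked: bool = True
    unlock_at: Optional[datetime] = None  # set while an unlock request is pending
    notifications: List[str] = field(default_factory=list)

    def request_unlock(self, now: datetime, master_key_ok: bool = False) -> None:
        # The owner is notified as soon as anyone requests an unlock.
        self.notifications.append(f"unlock requested at {now.isoformat()}")
        if self.unlock_days == 0:
            # A 0-day lock opens only with the Master Key, and opens at once.
            if master_key_ok:
                self.locked = False
            return
        self.unlock_at = now + timedelta(days=self.unlock_days)

    def relock(self) -> None:
        # The owner cancels a pending unlock before the delay runs out.
        self.locked, self.unlock_at = True, None

    def is_locked(self, now: datetime) -> bool:
        # A pending request takes effect only once the full delay has passed.
        if self.locked and self.unlock_at is not None and now >= self.unlock_at:
            self.locked, self.unlock_at = False, None
        return self.locked

    def add_withdrawal_address(self, now: datetime) -> bool:
        # Settings changes are refused while the lock is in place.
        return not self.is_locked(now)


def scenario(owner_relocks: bool) -> tuple:
    """Constructed timeline: 7-day lock, intruder requests an unlock on day 0."""
    t0 = datetime(2024, 1, 1)  # constructed date
    lock = SettingsLock(unlock_days=7)
    first_try = lock.add_withdrawal_address(t0)
    lock.request_unlock(t0)
    day6 = lock.add_withdrawal_address(t0 + timedelta(days=6))
    if owner_relocks:
        lock.relock()  # owner reacts to the notification email
    day8 = lock.add_withdrawal_address(t0 + timedelta(days=8))
    return (first_try, day6, day8, len(lock.notifications))
```

Calling scenario(True) shows every attempt to add an address refused, while scenario(False) shows the day-8 attempt succeeding when the notification is ignored.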