✓ You are the only person who can sign in to your account.
✓ Once signed in, you are the only person who can perform certain actions such as depositing, withdrawing or trading.
Adding 2FA and signing into your account with 2FA
Enabling sign-in 2FA activates Step-up 2FA on your account. Step-up 2FA is an extra step that is required anytime you want to add, edit or remove any 2FA settings on your account. Once a change to your Kraken account is requested, you will be prompted to confirm your sign-in 2FA again via the 6-digit code from your authenticator app or via your Hardware Security Key. The code must be entered correctly before any changes can be made to the 2FA settings on your account.
This makes things much harder for potential attackers, as they would not only need your username and password, but would also need possession of your 2FA device (phone or Hardware Security Key).
To learn more about the 2FA functions and how to set them up, see these specialized guides:
- How does 2FA for sign-in work? (highly recommended)
- How does 2FA for deposits & withdrawals work? (optional; needs GSL*)
- How does 2FA for trading work? (optional; needs GSL*)
- What is a Master Key? (used to remove the GSL)
*Without the GSL or an active sign-in 2FA, these 2FA functions can be removed if your account sign-in is compromised.
Enable the GSL after you have finished setting up all your desired 2FAs and Master Key. Sign-in 2FA is the only 2FA function that does not require the GSL in order to be effective.
For example, you may choose to use the Hardware Security Key method for the sign-in function because Hardware Security Keys are the most convenient (and secure) to use on a day-to-day basis.
Then for your Master Key function, which is only needed in the rare case when you've lost your sign-in 2FA or need to remove the GSL, you may choose to use the Authenticator App method because it is less convenient to use and not needed as frequently.
The 2FA device or method used for the Master Key must be different from the one used for your sign-in 2FA; otherwise it defeats the purpose of the Master Key. Remember, the Master Key allows you to change the password and settings on your account. Having sign-in 2FA and the Master Key on the same device cancels out the security that these functions guarantee when kept separate.
It's OK to use an authenticator app for both sign-in 2FA and the Master Key only if they are on separate phones (or other devices).
To learn more about the 2FA methods and how to set them up, see these specialized guides:
Method | Device | Security level | Setup instructions |
---|---|---|---|
Hardware Security Key | Phone or computer | Most secure | Hardware Security Key setup instructions |
Authenticator app | Phone or computer | Moderately secure | Authenticator app setup instructions |
Static password* | Phone or computer | Least secure (not recommended) | Static password setup instructions |
*Static password is not an available option for your sign-in 2FA or funding 2FA.
Note: We don’t offer SMS-based 2FA because it is not secure.