Two-factor authentication (2FA) is an extra layer of security for your Kraken account that can ensure that:
✓ You are the only person who can sign in to your account.
Adding 2FA and signing into your account with 2FA
When enabled, 2FA requires an extra passcode when signing in, depositing, withdrawing or trading. This extra passcode can be stored in an app on your phone (in which the passcode changes every 30 seconds) or in a small USB device like the YubiKey (in which the passcode changes after each use).
Enabling Sign-in 2FA activates Step-up 2FA on your account. Step-up 2FA is an extra step that is required anytime you want to add, edit or remove any 2FA settings on your account. Once a change to your Kraken account is requested, you will be prompted to confirm your Sign-in 2FA again via the 6-digit code from your authenticator app or via your YubiKey. The code must be entered correctly before any changes can be made to the 2FA settings on your account.
This makes things much harder for potential attackers, as they would not only need your username and password, but would also need possession of your 2FA device (phone or YubiKey).
Functions are all the different actions you can enable 2FA for.
To learn more about the 2FA functions and how to set them up, see these specialized guides:
- How does 2FA for Sign-In work? (highly recommended)
- How does 2FA for Deposits & Withdrawals work? (optional; needs GSL*)
- How does 2FA for Trading work? (optional; needs GSL*)
- What is a Master Key? (used to remove the GSL)
*Without the GSL or an active Sign-in 2FA, these 2FA functions can be removed if your account sign-in is compromised.
Enable the GSL after you've finished setting up all your desired 2FAs and Master Key. Only sign-in 2FA does not require the GSL in order to be effective.
Each function can have 2FA enabled using different methods.
For example, you may choose to use the YubiKey method for the Sign-In function because YubiKeys are the most convenient (and secure) to use on a day-to-day basis.
Then for your Master Key function, which is only needed in the rare case when you've lost your Sign-In 2FA or need to remove the GSL, you may choose to use the Authenticator App method because it is less convenient to use and not needed as frequently.
The 2FA device or method used for the Master Key must be different from the one used for your Sign-In 2FA, otherwise it defeats the purpose of the Master Key. Remember, the Master Key allows you to change the password and settings on your account. Having Sign-in 2FA and the Master Key on the same device cancels out the security that these functions guarantee when kept separate.
It's ok to use an authenticator app for both Sign-In 2FA and the Master Key only if they are on separate phones (or other devices).
To learn more about the 2FA methods and how to set them up, see these specialized guides:
|Method|Device|Security level|Setup instructions|
|---|---|---|---|
|YubiKey|YubiKey|Most secure|YubiKey setup instructions|
|Authenticator app|Phone or laptop|Moderately secure|Authenticator app setup instructions|
|Static password*|N/A|Least secure|Static password setup instructions|
*Static password is not an available option for your Sign-in 2FA or Funding 2FA.
Note: We don’t offer SMS-based 2FA because it is not secure.