What is 2FA?
Two-factor authentication (2FA) is an extra layer of security for your Kraken account that can be utilized to:
✓ Ensure that you are the only person who can sign in to your account.
✓ Ensure that once signed in, you are the only person who can perform certain actions such as depositing, withdrawing, or trading.
How 2FA works
When enabled, 2FA requires an extra passcode when signing in, depositing, withdrawing, or trading. This extra passcode can be stored in an app on your phone (in which the passcode changes every 30 seconds) or in a small USB device like the YubiKey (in which the passcode changes after each use).
This makes things much harder for potential attackers, as they would not only need your username and password, but would also need possession of your 2FA device (phone or YubiKey).
2FA functions
Functions are all the different actions you can enable 2FA for.
To learn more about the 2FA functions and how to set them up, see these specialized guides:
- How does 2FA for Sign-In work? (required)
- How does 2FA for Deposits & Withdrawals work? (optional; needs GSL*)
- How does 2FA for Trading work? (optional; needs GSL*)
- What is a Master Key? (used to remove the GSL)
*Important: Without the GSL, these 2FA functions can be removed if your account sign-in is compromised. Enable the GSL after you've finished setting up all your desired 2FAs and Master Key.
Only sign-in 2FA does not require the GSL in order to be effective.
2FA Methods
Each function can have 2FA enabled using different methods.
For example, you may choose to use the YubiKey method for the Sign-In function because YubiKeys are the most convenient (and secure) to use on a day-to-day basis.
Then for your Master Key function, which is only needed in the rare case when you've lost your Sign-In 2FA or need to remove the GSL, you may choose to use the Authenticator App method because it is less convenient to use and not needed as frequently.
The 2FA device and/or method used for the Master Key must be different from the one used for your Sign-In 2FA, otherwise it defeats the purpose of the Master Key. Remember, the Master Key allows you to change the password and settings on your account. Having Sign-in 2FA and the Master Key on the same device cancels out the security that these functions guarantee when kept separate.
It's ok to use an authenticator app for both Sign-In 2FA and the Master Key only if they are on separate phones (or other devices).
To learn more about the 2FA methods and how to set them up, see these specialized guides:
| Method | Device | Security level | Setup instructions |
| YubiKey | YubiKey | Most secure | Click here |
| Authenticator App | Phone or laptop | Moderately secure | Click here |
| Static password* | N/A | Least secure (not recommended) |
Click here |
*Static password is not an available option for your Sign-In 2FA or Funding 2FA.
Note: We don’t offer SMS-based 2FA because they are not secure enough. See this blog post for more information: https://blog.kraken.com/post/219/security-advisory-mobile-phones/