Two-factor authentication (2FA) is an extra layer of security for your Kraken account. While using sign-in 2FA, gaining access to your account will require your username, password and an additional passcode that can only be created from a physical device that you own.
✓ Unauthorized access is stopped if your username and password are stolen.
✓ Your account can only be accessed by the holder of the device that has the 2FA code.
✓ Every time you sign in, your device creates a unique passcode that is required for accessing your account.
✓ Once signed in, you are the only person who can perform certain actions such as trading, withdrawing or depositing.
Enabling sign-in 2FA also activates Step-up 2FA. This is an extra step that is required anytime that 2FA settings on your account are added, edited or removed. Once a change to your Kraken account is requested, a popup window will appear to confirm your sign-in 2FA again via the 6-digit code from your authenticator app or via your Hardware Security Key.
Without the Step-up 2FA code no changes can be made, even if somebody managed to sign into your account without your permission.
Adding 2FA and signing into your account with 2FA
To learn more about the 2FA functions and how to set them up, check out these articles:
- How does 2FA for sign-in work?
- How does 2FA for trading work?
- How does 2FA for withdrawals & deposits work?
- What is a Master Key?
Tip: Enable the GSL after you have enabled 2FA functions.
For example, you may choose to use the Hardware Security Key method for the sign-in function because Hardware Security Keys are the most convenient and secure to use in daily life.
Then for your Master Key function, you may choose to use the authenticator app method because it is less convenient to use and not needed as frequently. The Master Key is only needed in the rare case when you've lost your sign-in 2FA, have to change your password or need to remove the GSL immediately.
Having sign-in 2FA and the Master Key on the same device cancels out the security that these functions guarantee when kept separate. The 2FA method used for the Master Key should be different from the one used for your sign-in 2FA, otherwise it defeats the purpose of the Master Key.
If you use separate devices you could use an authenticator app for both functions as each app will generate a different code.
To learn more about the 2FA methods and how to set them up, check out these articles:
| Method | Security level | Setup instructions |
|---|---|---|
| Hardware Security Key | Most secure | Hardware Security Key setup instructions |
| Authenticator app | Moderately secure | Authenticator app setup instructions |
|
Static password |
Least secure (not recommended) |
Static password setup instructions |
Looking for SMS-based 2FA? This is not considered a secure 2FA method, find out why.