Features
Getting Started
  • Security
  • Fee Structure
  • Funding Options
  • Staking
  • 24/7 Support
  • Liquidity
    • Advanced
  • Margin Trading
  • Indices
  • Futures
  • OTC
  • Account Management
  • Cryptowatch
    • Prices
    Learn
  • Crypto Guides
  • Videos
  • Podcast
    • Support Futures Institutions Contact Support
    Español Français Italiano 日本語 Português
    Support

    How can we help?

    What is a YubiKey and why should I use one?

    1. Kraken
    2. Account Security & Verification
    3. Account Security
    4. Two-factor Authentication (2FA) Basics

    Want to set up Two-factor Authentication (2FA) using a YubiKey?

    Read our article to find out how.

    A YubiKey is a USB device that generates a unique passcode every time you touch or tap a button while it is plugged in.

    A YubiKey is considered to be one of the most secure tools for two-factor authentication.

    The passcode can be used for sign-indepositing or withdrawing funds from your account or as a Master Key. Note: 2FA for each of these account actions needs to be setup separately.

    YubiKey compatibility

    YubiKeys are not compatible with Trading 2FA until we implement FIDO U2F support.

    Why should I use a YubiKey instead of other 2FA options?
    Simplicity: All you need to do with a YubiKey is plug it into your computer and touch or tap a button. No need to copy a passcode from an authenticator app or worry about your device's battery running out.

    Security: OTPs (One time passwords) generated by a YubiKey are significantly longer than those from an authenticator app (32 characters vs 6 or 8 characters), which means a higher level of security.

    Harder to lose: We see a lot of lost phone tickets at Kraken Support. In our experience, clients are less likely to lose a device specifically used for 2FA than a phone that is carried around all the time.

    Privacy: Even if you lose your YubiKey, it has no identifiable information about what it is used for or who it belongs to. In contrast, an authenticator app mentions the website name and some identifiable account information because the passcode needs to be manually read by a human (this can be changed or removed, but most people keep the defaults).

    Future improvements: With the U2F protocol (coming soon to Kraken), YubiKey binds client sign-in to the original website’s URL. Only the real site can authenticate with the key. This means that while you may be tricked into thinking a website is real, the YubiKey won’t reveal your credentials.

    How does a YubiKey work?
    The passcodes are generated from a secret code that is shared between the service you are using (e.g. Kraken) and your YubiKey, as well as the increment counter (i.e. how many times you've generated a passcode with your YubiKey).
    Where can I get a YubiKey?
    You can purchase a YubiKey on Yubico's website, the producer of YubiKeys.

    Make sure the YubiKey you buy meets our compatibility requirements.

    Was this article helpful?

    Related articles

      Need more help?
    • Chat directly with one of our support specialists about your specific needs.
      • Chat now
      Prefer talking?
    • Our dedicated support specialists are here to help Monday to Friday from 8 AM UTC to 12 AM UTC.
      • Phone Support