Using a Security Key for two-factor authentication (2FA)
A Security Key is a small physical device used for additional security next to your password and is considered to be one of the most secure ways of two-factor authentication (2FA). Most Security Keys are very simple and you only need to touch or tap a button while it is plugged into the USB port of your device.
At this moment only sign-in 2FA can be secured with both FIDO2 and Yubico OTP protocols. We expect to support FIDO2 for all 2FA functions in the near future.
| Functions | Available Security Key protocols |
|---|---|
| Sign-in 2FA | FIDO2, Yubico OTP |
| Trading 2FA | None |
| Funding 2FA | Yubico OTP |
| Master Key | Yubico OTP |
Each function needs to be set up separately. To learn more about the 2FA functions above, you can review this support article.
Security Keys frequently asked questions:
Why should I use a Security Key instead of an authenticator app?
- SimplicityAll you need to do with a Security Key is plug it into, or hold it against your device and touch or tap a button. No need to copy a passcode from an authenticator app or worry about your device's battery running out.
- SecurityOTP’s generated by a Security Key are significantly longer than those from an authenticator app (44 characters versus 8 or less characters). FIDO2 adds additional security on top of this, because the protocol will only respond to a challenge from the website that you registered it on, and will therefore prevent phishing.
- Harder to loseWe see a lot of tickets at Kraken Support because someone lost their phone. In our experience, it is less likely to lose a device specifically used for 2FA than a phone that is carried around all the time.
- PrivacyEven if you lose your Security Key, it has no identifiable information about what it is used for or who it belongs to. In contrast, an authenticator app mentions the website name and some identifiable account information because the passcode needs to be manually read by a human.
Where can I get a Security Key?
Some of the most popular FIDO2 Security Key providers are:
How to set up a Security Key on Kraken
- 1Make sure your Security Key is compatible with Yubico OTP or FIDO2. Review this article for YubiKey compatibility.
- 2Navigate to the 2FA settings of your account
- 3Decide the function you want to enable 2FA for, by clicking the Change method link or switch.
- 4Select the Security Key menu and click on the Set up key button.
- 5Insert your Security key into your device.Some Security keys will instead require you to hold it against your device.
- 6Click confirm on the following screen.
- 7Congratulations, you have secured your Kraken account!
How to update Sign-in 2FA from YubiKey OTP to a FIDO2 Security Key
Updating your Sign-in 2FA from a Security Key that uses YubiKey OTP to a Security Key that uses FIDO2 takes less than a minute!
- 1Sign into your Kraken account and navigate to your 2FA settings.
- 2Select Change method in the Sign-in section and then use your current YubiKey to authorize this change.
- 3Select the Security Key menu and then select the Set up key button.
- 4Insert your FIDO2 Security Key into your device.
- 5Select allow on the following screen.
- 6Congratulations, your FIDO2 Security Key is now enabled as Sign-in 2FA for your Kraken account! You have the highest level of security available to protect unauthorized access to your account.
I lost my Security Key!
If you no longer have access to your Security Key, please fill out this form.
What is a FIDO2 PIN?
Depending on the device you use, you may be prompted to set or use a PIN when using a FIDO2 key. For an overview on how to set or use a PIN you can visit the website of your Security Key manufacturer. For example, if your Security Key is a YubiKey, you can find more information on how to manage your Security Key's PIN on Yubico's website.