A Security Key is a small physical device used for additional security next to your password and is considered to be one of the most secure ways of two-factor authentication (2FA). Most Security Keys are very simple and you only need to touch or tap a button while it is plugged into the USB port of your device.
At this moment only sign-in 2FA can be secured with both FIDO2 and OATH OTP protocols. We expect to support FIDO2 for all 2FA functions in the near future.
| Available Security Key protocols | |
|---|---|
| Sign-in 2FA |
FIDO2, OATH OTP (YubiKey) |
| Trading 2FA |
None |
| Funding 2FA |
OATH OTP (YubiKey) |
| Master Key |
OATH OTP (YubiKey) |
Each function needs to be setup separately
Why should I use a Security Key instead of an authenticator app?
- Simplicity
All you need to do with a Security Key is plug it into, or hold it against your device and touch or tap a button. No need to copy a passcode from an authenticator app or worry about your device's battery running out. - Security
OTP’s generated by a Security Key are significantly longer than those from an authenticator app (32 characters versus 8 or less characters). FIDO2 adds additional security on top of this, because the protocol will only respond to a challenge from the website that you registered it on, and will therefore prevent phishing. - Harder to lose
We see a lot of tickets at Kraken Support because someone lost their phone. In our experience, it is less likely to lose a device specifically used for 2FA than a phone that is carried around all the time. - Privacy
Even if you lose your Security Key, it has no identifiable information about what it is used for or who it belongs to. In contrast, an authenticator app mentions the website name and some identifiable account information because the passcode needs to be manually read by a human.
Where can I get a Security Key?
Some of the most popular FIDO2 security key providers are:
Each has their own advantages and disadvantages. Some are multifunctional, and also serve as a cryptocurrency wallet, while others are specialized in providing security above everything else.It is up to you which provider you choose, we recommend starting with searching “fido2 security key comparison” in your preferred search engine or picking one of the popular Security Key providers we mentioned earlier.
How to set up a Security Key on Kraken
- Make sure your Security Key is compatible with (OATH) OTP or FIDO2.
Review this article for YubiKey compatibility. - Navigate to the 2FA settings of your account
- Decide the function you want to enable 2FA for, by clicking the Change method link or switch.
- Select the Security key menu and click on the Set up key button.
- Insert your Security key into your device.
Some Security keys will instead require you to hold it against your device.
- Click confirm on the following screen.
- Congratulations, you have secured your Kraken account!
How to update Sign-in 2FA from YubiKey OTP to a FIDO2 Security Key
Updating your Sign-in 2FA from a Security Key that uses YubiKey OTP to a Security Key that uses FIDO2 takes less than a minute!
- Sign into your Kraken account and navigate to your 2FA settings.
- Select Change method in the Sign-in section and then use your current YubiKey to authorize this change.
- Select the Security Key menu and then select the Set up key button.
- Insert your FIDO2 Security Key into your device.
- Select allow on the following screen.
- Congratulations, your FIDO2 Security Key is now enabled as Sign-in 2FA for your Kraken account! You have the highest level of security available to protect unauthorized access to your account.
I lost my Security Key!
If you no longer have access to your Security Key, please fill out this form.
What is a FIDO2 PIN?
Depending on the device you use, you may be prompted to set or use a PIN when using a FIDO2 key. You can find more information on how to manage you security key's PIN here.