A Security Key is a small physical device used for additional security next to your password and is considered to be one of the most secure ways of two-factor authentication (2FA). Most Security Keys are very simple and you only need to touch or tap a button while it is plugged into the USB port of your device.
At this moment only sign-in 2FA can be secured with both FIDO2 and OATH OTP protocols. Funding 2FA and the Master Key can however be secured with a YubiKey. And to enable trading 2FA you will need to use an authenticator app or a static password. We expect to support FIDO2 for all 2FA functions in the near future.
Each function needs to be setup separately
All you need to do with a Security Key is plug it into, or hold it against your device and touch or tap a button. No need to copy a passcode from an authenticator app or worry about your device's battery running out.
OTP’s generated by a Security Key are significantly longer than those from an authenticator app (32 characters versus 8 or less characters). FIDO2 adds additional security on top of this, because the protocol will only respond to a challenge from the website that you registered it on, and will therefore prevent phishing.
- Harder to lose
We see a lot of tickets at Kraken Support because someone lost their phone. In our experience, it is less likely to lose a device specifically used for 2FA than a phone that is carried around all the time.
Even if you lose your Security Key, it has no identifiable information about what it is used for or who it belongs to. In contrast, an authenticator app mentions the website name and some identifiable account information because the passcode needs to be manually read by a human.
Some of the most popular FIDO2 security key providers are:
It is up to you which provider you choose, we recommend starting with searching “fido2 security key comparison” in your preferred search engine or picking one of the popular Security Key providers we mentioned earlier.
- Make sure your Security Key is compatible with (OATH) OTP or FIDO2.
Review this article for YubiKey compatibility.
- Navigate to the 2FA settings of your account
- Decide the function you want to enable 2FA for, by clicking the Change method link or switch.
- Select the Security key menu and click on the Set up key button.
- Insert your Security key into your device.
Some Security keys will instead require you to hold it against your device.
- Click confirm on the following screen.
- Congratulations, you have secured your Kraken account!
Updating your Sign-in 2FA from a Security Key that uses YubiKey OTP to a Security Key that uses FIDO2 takes less than a minute!
- Sign into your Kraken account and navigate to your 2FA settings.
- Select Change method in the Sign-in section and then use your current YubiKey to authorize this change.
- Select the Security Key menu and then select the Set up key button.
- Insert your FIDO2 Security Key into your device.
- Select allow on the following screen.
- Congratulations, your FIDO2 Security Key is now enabled as Sign-in 2FA for your Kraken account! You have the highest level of security available to protect unauthorized access to your account.