In the event of a sign-in compromise, enabling Two-Factor Authentication (2FA) for Deposits & Withdrawals (i.e. Funding) improves your account security by preventing attackers from moving funds in or out of your account.
Deposits 2FA requires a 2FA code for:
- Generating a new cryptocurrency deposit address (and thus preventing existing addresses from expiring)
Withdrawal 2FA requires a 2FA code for:
- Withdrawing any type of funds from your Kraken account
- Transfers to your Futures wallet (but not from your Futures Wallet)
However, Withdrawal 2FA does not prevent the addition of cryptocurrency withdrawal addresses. For that, you'll need to enable the Global Settings Lock (GSL).
Below are screenshot examples of what you would see when 2FA for Deposits & Withdrawals is enabled.
1. Adding a cryptocurrency deposit address:
2. Requesting a withdrawal:
Should I set up Deposits & Withdrawals 2FA?
Adding 2FA for Deposits & Withdrawals is an excellent choice for high value accounts and clients who prefer top-notch security for their accounts.
Clients who hold funds in their account at Kraken, but do not frequently transfer funds to or out of their account are also encouraged to enable this feature.
How do I set up Deposits & Withdrawals 2FA?
If you have not already set up a Sign-In 2FA on your account, you will be prompted to do so first before setting up 2FA for Deposits & Withdrawals.
1. Sign in to your Kraken account.
2. Click on your name in the upper-right corner of the page.
3. Click on Security and then select 2FA Settings.
4. Under Funding, select the On/Off switch or "Change method" and choose the 2FA method you want to use.
The methods available are:
- YubiKey device (most secure)
- Authenticator app (moderately secure)
- Static password (no longer available for Funding 2fa)
IMPORTANT: After enabling 2FA for Deposits & Withdrawals, you must also enable the Global Settings Lock (GSL) in order for it to be effective. Without the GSL, the Deposits & Withdrawals 2FA can be easily removed or changed by anyone who gains access to the account.