How does Two-factor Authentication (2FA) for login work?

Enabling Two-Factor Authentication (2FA) for Login improves account security by adding a second authentication method in addition to your login password for signing in to your Kraken account. The benefit of enabling 2FA on your account for logins is to protect against attackers trying to access your account, as any attacker would not only need the username and password, but also be in possession of your 2FA code to log in to your account.

For example, if your registered email account is compromised, an attacker could request your Kraken username and reset your account password through your email. Having 2FA for Login enabled on your account would prevent that attacker from successfully logging into your account, even after gaining possession of both your username and password.

The following screenshots show how a Login 2FA could prevent an attacker from gaining access to your account:

Attempted attack, known username and password but unknown 2FA (screenshot: 2FA_login-1.png)

Invalid login due to missing or incorrect 2FA, access denied (screenshot: 2FA_login-2.png)

Should I set up Login 2FA?

Yes! At Kraken, we consider 2FA for logins a basic security feature that all account holders should utilize to secure their account and recommend using an Authenticator app or a Yubikey for this, as these methods are more secure than using a static password.

How do I set up Login 2FA?

You can set up a Login 2FA by logging in to your Kraken account and clicking on the "Security" tab. Next, click the "On/Off" dial under "Security and Login" and choose the 2FA method you want to use.

Follow the guides below, depending on the method you choose, for how to set it up:


Security Tip: The Login 2FA device or static password for your Kraken account should be kept separate from your username and password, as storing this information together would provide an attacker all the information needed to access your account.

If the device that your 2FA is on has been lost or stolen, your account is at risk of being compromised, especially if your email account can be accessed from that device. In this situation, you should immediately log in to your account to make the necessary changes to your account settings. If you are unable to log in, contact client support to have your account temporarily disabled.