Enabling Two-Factor Authentication (2FA) for sign-in improves account security by adding a second authentication method in addition to your sign-in password for signing in to your Kraken account. This helps protect against attackers, as any attacker would not only need the username and password, but also be in possession of your 2FA code to sign in to your account.
For example, if your email account is compromised, an attacker could request your Kraken username and reset your account password through your email. Having 2FA for sign-in enabled on your Kraken account would prevent that attacker from successfully signing in even after gaining possession of both your username and password.
Tip: You can prevent password resets on your Kraken account by setting up a Master Key.
However, even Sign-In 2FA can't protect your account if you enter it on a phishing website or share it with a scammer, so beware of phishing scams.
Sign-In 2FA is highly recommended!
At Kraken, we consider Sign-In 2FA a basic security feature that all account holders should utilize for both their Kraken account and email account!
Additionally, enabling Sign-in 2FA activates Step-up 2FA on your account. Step-up 2FA is an extra step that is required anytime you want to add, edit or remove any 2FA settings on your account. Once a change to your Kraken account is requested, you will be prompted to confirm your Sign-in 2FA again via the 6-digit code from your authenticator app or via your YubiKey. The code must be entered correctly before any changes can be made to the 2FA settings on your account.
How do I set up Sign-In 2FA?
- Sign in to your Kraken account.
- Click on your name in the upper-right corner of the page.
- Click on Security and navigate to 2FA Settings.
Select "Activate now" for Sign-In under “Two-factor authentication (2FA)”. If you already have a 2FA set up, select "Change method" and choose the 2FA method you want to use.
The methods available are:
- YubiKey device (most secure)
- Authenticator app (moderately secure)
- Static password (no longer available for Sign-In 2FA)
Security Tip: The Sign-In 2FA device for your Kraken account should be kept separate from your username and password, as storing this information together would provide an attacker all the information needed to access your account.
If the device that your 2FA is on has been lost or stolen, your account is at risk of being compromised, especially if your email account can be accessed from that device. You should immediately sign in to your Kraken account and change your password and 2FAs. Likewise, sign in to your email account and change the password and 2FAs there. If you are unable to sign in, contact our client engagement team to have your account temporarily disabled.