Two-factor authentication (2FA) is an extra layer of security for your Kraken account. While using sign-in 2FA, gaining access to your account will require your username, password and an additional passcode that can only be created from a physical device that you own.
To learn more about the sign-in 2FA method, check out this article: How does 2FA for sign in work?
2FA with a Passkey
A passkey is a digital credential stored on your device and used for additional security alongside your password; it is considered one of the most secure methods of 2FA. Passkeys can be used to satisfy sign-in 2FA, securely logging you into your account using biometric authentication like a fingerprint or face scan, or a screen lock PIN.
2FA with an Authenticator app
An authenticator app is usually installed on a smartphone and generates a 6-8 digit code every 30 seconds. The code can be used for signing in, trading, depositing or withdrawing funds from your account, or as a Master Key. Note: 2FA for each of these account actions needs to be set up separately.
Why use 2FA?
2FA ensures that:
✓ Unauthorized access is stopped if your username and password are stolen.
✓ Your account can only be accessed by the holder of the device that has the 2FA code.
✓ Every time you sign in, your device creates a unique passcode that is required for accessing your account.
✓ Once signed in, you are the only person who can perform certain actions such as trading, withdrawing or depositing.
How 2FA works
2FA requires an extra passcode when signing in, trading, withdrawing or depositing. This passcode can be generated by an authenticator app on your phone, where the passcode changes every 30 seconds, or by a Hardware Security Key, where the passcode changes after each use and the key can even recognize the website that you are trying to sign in to.
Enabling sign-in 2FA also activates Step-up 2FA. This is an extra step that is required any time 2FA settings on your account are added, edited or removed.
Once a change to your Kraken account is requested, a popup window will appear to confirm your sign-in 2FA again via the 6-digit code from your authenticator app or via your Hardware Security Key. Without the Step-up 2FA code no changes can be made, even if somebody managed to sign into your account without your permission.
The difference between sign-in 2FA, trading 2FA, funding 2FA and the Master Key
Functions are all the different actions you can enable 2FA for.
To learn more about the 2FA functions and how to set them up, check out these articles:
Tip: Enable the Global Settings Lock (GSL) after you have enabled 2FA functions.
Authenticator app versus Security Key
Each function can have 2FA enabled using different methods.
For example, you may choose to use the Hardware Security Key method for the sign-in function because Hardware Security Keys are the most convenient and secure to use in daily life.
Then for your Master Key function, you may choose the authenticator app method: it is less convenient to use, but the Master Key is not needed as frequently. The Master Key is only needed in the rare case when you've lost your sign-in 2FA, have to change your password or need to remove the GSL immediately.
Having sign-in 2FA and the Master Key on the same device cancels out the security that these functions guarantee when kept separate. The 2FA method used for the Master Key should be different from the one used for your sign-in 2FA, otherwise it defeats the purpose of the Master Key.
If you use separate devices you could use an authenticator app for both functions as each app will generate a different code.
To learn more about the 2FA methods and how to set them up, check out these articles:
Method | Security level | Setup instructions |
---|---|---|
 | Most secure | |
 | Moderately secure | |
Static password | Least secure (not recommended) | |
Looking for SMS-based 2FA? It is not considered a secure 2FA method; find out why below.
Protecting yourself against mobile phone vulnerabilities
Mobile phone numbers have become a critical element in authentication and account recovery processes. However, they pose significant security risks, especially for handling sensitive information, including cryptocurrency.
Telecom providers often lack robust security measures, leaving users vulnerable to attacks like phone number hijacking, where attackers use social engineering to gain control over a victim's number. The consequences can include theft, extortion, and loss of access to key accounts.
To safeguard your accounts and personal data, you can think about the following:
1. Reevaluate the role of phone numbers in security
   - Avoid using your mobile phone number as a primary identifier or for two-factor authentication (2FA) wherever possible.
   - Explore alternative and more secure methods for authentication. Check out the Passkey section above.
2. Fortify your telecom account
   - Set a strong PIN or passcode on your account to secure changes and protect your number.
   - Request a port freeze and enable a SIM lock to prevent unauthorized number transfers.
   - Apply a high-risk account flag and disable online management features if possible.
   - Regularly test your account's security by attempting changes or accessing your account to identify weaknesses.
3. Use secure 2FA alternatives
   - Replace SMS-based 2FA with authenticator apps or hardware tokens like YubiKey for improved security.
   - If SMS is your only option, consider a dedicated phone number solely for authentication. Use a pre-paid burner phone or a service like Google Voice to limit exposure.
4. Stay proactive in your security practices
   - Regularly audit your online accounts to ensure they are not linked to your phone number unnecessarily.
   - Stay informed about new threats and update your security practices accordingly.

By taking these proactive measures, you can significantly reduce the risks associated with mobile phone vulnerabilities, securing your digital assets and safeguarding your online presence.