Why do I need to update my Sign-in 2FA?
Security is Kraken’s top priority and we are requiring clients with legacy Sign-in 2FA methods to update to a Passkey or Authenticator App to help prevent compromise.
If you have a Static Password enabled, you are using the least secure 2FA method. Because a Static Password does not change with each use, an attacker who acquires it can keep using it.
If you currently have Yubico OTP enabled, you can use the same hardware security key and simply update it to a Passkey method. Passkeys are more secure because they are bound to a website or an app's identity and therefore are immune to phishing attacks. The browser and operating system ensure that a Passkey is used only with the website or app it was created for so you cannot be tricked into using your Passkey to sign into a fraudulent app or website.
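The binding described above can be seen in the checks a site runs on a Passkey sign-in response. This is an added example for illustration, not Kraken's code: it simulates the browser and authenticator in Node.js, and `example.test`, the other domains and all function names are constructed placeholders.

```javascript
const nodeCrypto = require("crypto");

// Assumed relying-party values; example.test is a constructed placeholder.
const RP_ID = "example.test";
const ORIGIN = "https://example.test";
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Stand-in for browser + authenticator (hypothetical helper). The browser, not
// the page, writes `origin`; the key signs authData || SHA-256(clientDataJSON).
function simulateAssertion(privateKey, origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // authData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte counter
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
}

// Server-side checks; returns "ok" or the name of the first check that failed.
function verifyAssertion(a, publicKey, expectedChallenge) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad-type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "bad-challenge";
  if (client.origin !== ORIGIN) return "bad-origin";
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return "bad-rp-id-hash";
  if ((a.authData[32] & 0x01) === 0) return "user-not-present";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad-signature";
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const challenge = nodeCrypto.randomBytes(32);
  const genuine = simulateAssertion(privateKey, ORIGIN, RP_ID, challenge);
  // Constructed look-alike origin: the browser records where the request really ran.
  const other = simulateAssertion(privateKey, "https://example-login.test", RP_ID, challenge);
  // Swapping in client data that claims the real origin breaks the signature.
  const rewritten = { ...other, clientDataJSON: genuine.clientDataJSON };
  // Credential scoped to a different RP ID: the hash in authData does not match.
  const otherRp = simulateAssertion(privateKey, ORIGIN, "other.test", challenge);
  return {
    genuine: verifyAssertion(genuine, publicKey, challenge),
    otherOrigin: verifyAssertion(other, publicKey, challenge),
    rewritten: verifyAssertion(rewritten, publicKey, challenge),
    otherRpId: verifyAssertion(otherRp, publicKey, challenge),
  };
}

console.log(demo());
```

Only the response produced on the expected origin for the expected site identity verifies; the other three are rejected before or at the signature check.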
How do I update if the Global Settings Lock (GSL) is on?
If you have the Global Settings Lock (GSL) enabled, you will need to turn this off before it will be possible to update your Sign-in 2FA. This is because the GSL prevents changes being made to your security settings. Once this has been disabled, you can update your Sign-in 2FA to a more secure method.
See How do I remove my Global Settings Lock (GSL) on Kraken? for step-by-step instructions on how to complete the unlocking process.
Why should I enable Passkeys?
Passkeys are a highly convenient and secure Sign-in 2FA option because they offer an enhanced level of security by utilizing the power of phishing-resistant FIDO2. There are multiple methods to choose from including hardware keys, using your specific browser or device, or saving it in a password manager. If your device has a biometric feature, like fingerprint or face scanning ID, you can use it as a Passkey. This is available on most mobile devices.
In addition to being more secure, enabling Passkeys also allows you to be more flexible when accessing your account by setting up multiple Sign-in 2FA methods. By having multiple methods, you can:
- Simplify the login process.
- Choose a method that is most convenient for you and the device you are using to sign in.
- Avoid future account access issues.
See What is a Passkey? for more details about how you can benefit from Passkeys.
What if I don’t have a mobile device or Hardware Security Key?
If you don’t have a mobile device or Hardware Security Key, it is also possible to enable a Passkey using a Password Manager, and Apple users can utilize iCloud.
However, if none of these cross-device Passkey methods are available, you can enable a device-bound Passkey via a browser on your computer or laptop. In this case, a Master Key needs to be enabled first and static passwords are an option for this security feature. Once a Master Key is enabled, it can be used as a Sign-in method as well.
It is important to note that choosing a static password for your Master Key poses the same security risks we’re trying to mitigate with this Sign-in 2FA upgrade. But this can help to ensure uninterrupted access to your account services until you can enable a more secure Sign-in 2FA method.
What happens if I don’t update?
If you haven't updated your Sign-in 2FA by November 17, 2024, you will lose access to account services until the update is completed. We highly recommend making the switch as soon as possible to avoid any interruptions.