What is a Passkey?
Passkeys are an authentication technology that simplify the login process making sign-in easier, swifter and seamless.
When enabled, Passkeys can be used to satisfy sign-in 2FA, securely logging you into your account by using biometric authentication like a fingerprint or face scan, or a screen lock PIN.
Note: Kraken does not directly store nor use any biometrics data. This data remains uniquely stored on your device and will never leave the secure chip element of your device.
Standardized by the FIDO Alliance, Passkeys are bound to a website or an app's identity, therefore are safe from phishing attacks. The browser and operating system ensure that a Passkey can only be used with the website or app it was created for so you can never be tricked into using your Passkey to sign into a fraudulent app or website.
Benefits of multiple two-factor authentication (2FA)
With multiple two-factor authentication (2FA) you have the ability to have more than one sign-in 2FA method enabled, which you can use interchangeably to access your account. There are several advantages with enabling multiple 2FA:
More Accessibility:
  • With multiple 2FA methods enabled you can avoid account access issues in case your 2FA device is unavailable.
  • Passkeys allow for a faster and more seamless verification and sign-in process.
  • When you enable multiple Passkeys, you are not required to select exactly which one you want to use, they will be automatically matched during sign-in.
  • In the same instance, when making account changes and Step-Up 2FA is required, you will also be provided the option to choose among any multiple 2FA methods you have enabled.
Enhanced Security:
  • Supporting Multiple 2FA unlocks the full power of FIDO2 Passkeys. You can now create FIDO2 credentials/tokens leveraging the FIDO2 compliant authenticators that are built-in your devices, saving that passkey either locally or on a password manager, such as iCloud Keychain or 1Password.
  • Having multiple Passkey options available removes the requirement for a single, expensive Hardware Security Key (such as a Yubikey) to utilize the phishing-resistant FIDO2 2FA.
Note: Other 2FA features (Funding 2FA, Trading 2FA and Master Key) currently remain limited to one method.
Different Passkey types
We classify any 2FA instance as either Roaming or Non-Roaming.
Roaming 2FA:
A 2FA method is considered roaming if it can be used across multiple devices. This means that if you use multiple devices to access your Kraken account, you can use the built-in authenticator to validate a Passkey regardless of whether or not you are using the device that was used to create the Passkey.
This offers a higher degree of usability as you will be able to utilize any of your devices to authenticate without having to individually validate and approve each one.
Kraken supports the following Roaming 2FA methods:
  • Hardware Security Key: a passkey that is attached to a Hardware Security Key can be used on any device that is compatible with the key itself.
  • Cross-Device Passkey: this is a passkey that is created either on a mobile device or to a keychain or password manager, such as iCloud Keychain or 1Password.

Non-Roaming 2FAs:
A Non-Roaming 2FA is a 2FA method that is attached connected to a specific device only. With multiple 2FAs and full FIDO2 Passkey support, in certain conditions users might create a Passkey that is unique to a certain browser on a particular device. As it isn’t synched to a keychain or password manager, and is therefore only available on the device where it was created, we call this instance Device-Bound Passkey.
System requirements for Passkeys
  • A system running at least Windows 10, MacOS Ventura, or ChromeOS 109
  • A smartphone or tablet running at least iOS 16, iPadOS 16, or Android 9
  • A hardware security key with FIDO2 protocol support
Supported browsers
  • Chrome 109 or greater
  • Safari 16 or greater
  • Edge 109 or greater
How to enable multiple 2FA