Ara
What is an Authenticator App?
Looking to set up Two-factor Authentication (2FA)?
An authenticator app is usually installed on a smartphone and generates a 6-8 digit code every 30 seconds. The code can be used for signing in, trading, depositing or withdrawing funds from your account or as a Master Key
Note:
  • For security reasons, 2FA for each of these account actions needs to be set up separately.
  • Sign-in 2FA and Master Key should always be kept separate.
How does an authenticator app work?
The codes are generated from a secret key that is shared between the service you are using (like Kraken) and your device, as well as the current time.
The secret key provided at the time of download is all that is needed for backup.
Note: authenticator apps are not tied in any way to your SIM card or phone number and that improves security by protecting your account from SIM swapping.
Where can I get an authenticator app?
There are a variety of authenticator apps that you can download for your smartphone.
A popular example is Google Authenticator, which can be found in Google Play and the iOS App Store.
Security tips for using an authenticator app?
Be sure to enable remote locking and erasing of your smartphone in case you ever lose it.
Google Authenticator account synchronization
The Google Authenticator app was used to store one time password on only the primary device. This meant that if you lost access to your device, you would not be able to access any of your accounts secured with the 2FA mechanism. Now, the Account Synchronization feature for Google Authenticator lets you backup your 2FA codes to the cloud which allows you to access the code from other devices.
While this feature is a convenient option, it can leave you vulnerable to risks. Anyone who has access to your Google Account device may easily access any 2FA code synched to it and gain access to all associated accounts.
How to disable Google Authenticator sync feature?
You can disable this feature by following these steps: 
  1. 1
    On your device, open the Google Authenticator app.
  2. 2
    Tap your profile photo.
  3. 3
    Hit Use without an account.
  4. 4
    Tap Continue.
To ensure your Kraken account and email is as secure as possible, please review the steps in this support article: Securing your email address 
Alternatives to an authenticator app?
While an authenticator app is a secure and convenient option that is used by many of our clients, it is still vulnerable to phishing due to the 30-second window.
Hardware Security Keys are considered to be both more convenient and more secure.