For information on changes for our US clients, please visit our Support Center article.

Ara
Using a Security Key for two-factor authentication (2FA)
A Hardware Security Key is a small physical device used for additional security next to your password and is considered to be one of the most secure ways of two-factor authentication (2FA). Most Hardware Security Keys are very simple and you only need to touch or tap a button while it is plugged into the USB port of your device.
At this moment only sign-in 2FA can be secured with both FIDO2 and Yubico OTP protocols. Sign-in 2FA and the Master Key support Hardware Security Keys that use the FIDO2 protocol. Funding 2FA only supports the Yubico OTP protocol.
Functions
Available Hardware Security Key protocols
Sign-in 2FA
FIDO2
Trading 2FA
None
Funding 2FA
Yubico OTP
Master Key
FIDO2
Each function needs to be set up separately. To learn more about the 2FA functions above, you can review this support article.

Hardware Security Keys frequently asked questions:

Why should I use a Hardware Security Key instead of an authenticator app?
  • Simplicity:
    All you need to do with a Hardware Security Key is plug it into, or hold it against your device and touch or tap a button. No need to copy a passcode from an authenticator app or worry about your device's battery running out.
  • Security:OTP’s generated by a Hardware Security Key are significantly longer than those from an authenticator app (44 characters versus 8 or less characters). FIDO2 adds additional security on top of this, because the protocol will only respond to a challenge from the website that you registered it on, and will therefore prevent phishing
  • Harder to lose:
    We see a lot of tickets at Kraken Support because someone lost their phone. In our experience, it is less likely to lose a device specifically used for 2FA than a phone that is carried around all the time.
  • Privacy:
    Even if you lose your Hardware Security Key, it has no identifiable information about what it is used for or who it belongs to. In contrast, an authenticator app mentions the website name and some identifiable account information because the passcode needs to be manually read by a human.
Where can I get a Hardware Security Key?
Some of the most popular FIDO2 Hardware Security Key providers are:
Each has their own advantages and disadvantages. Some are multifunctional, and also serve as a cryptocurrency wallet, while others are specialized in providing security above everything else. It is up to you which provider you choose, we recommend starting with searching “fido2 Hardware Security Key comparison” in your preferred search engine or picking one of the popular Hardware Security Key providers we mentioned earlier.
How to set up a Hardware Security Key on Kraken
Please review our How to enable Multiple 2FAarticle, which explains how to set up a Security Key for two-factor authentication (2FA). 
How to update Sign-in 2FA from YubiKey OTP to a FIDO2 Hardware Security Key
Updating your Sign-in 2FA from a Hardware Security Key that uses YubiKey OTP to a Hardware Security Key that uses FIDO2 takes less than a minute!
  1. 1
    2FA_Security.png
  2. 2
    Select Change method in the Sign-in section and then use your current YubiKey to authorize this change.
  3. 3
    Security_2FASetupSecurityKey_03302022.png
  4. 4
    Insert your
    FIDO2 Hardware Security Key
    into your device.
    Use your security key with kraken.com
  5. 5
    Select allow on the following screen.
    Allow this site to see your security key
  6. 6
    Congratulations, your FIDO2 Hardware Security Key is now enabled as Sign-in 2FA for your Kraken account! You have the highest level of security available to protect unauthorized access to your account.
I lost my Hardware Security Key!
If you no longer have access to your Hardware Security Key, please fill out this form.
What is Yubico OTP?
Yubico OTP is a protocol that is supported by all Hardware Security Keys from Yubico (i.e. YubiKeys) and generates a unique 44-character passcode when touched while plugged into a device. This passcode can only be used once and is significantly more secure than an authenticator app, due to an app only generating a 6-8 character passcode.
What is FIDO2?
FIDO2 is a protocol that prevents phishing by verifying the legitimacy of the website you use the Hardware Security Key for. A private key is stored on the Hardware Security Key together with a corresponding public key that is bound to the Kraken website. Kraken will send a challenge for your unique Hardware Security Key every time someone attempts to sign in with your username and password. The Hardware Security Key will use its private key to respond to Kraken if it can verify that the challenge came from the correct website and will only then allow you to sign into your account. Since a FIDO2 Hardware Security Key can only authenticate services that you have previously registered, it will prevent you from entering the correct passcode on a website that is imitating Kraken.
What is a FIDO2 PIN?
Depending on the device you use, you may be prompted to set or use a PIN when using a FIDO2 key. For an overview on how to set or use a PIN you can visit the website of your Hardware Security Key manufacturer. For example, if your Hardware Security Key is a YubiKey, you can find more information on how to manage your Hardware Security Key's PIN on Yubico's website.