In the event of a sign-in compromise, enabling two-factor authentication (2FA) for deposits and withdrawals (i.e. Funding) improves your account security by preventing attackers from moving funds in or out of your account.
Deposit 2FA requires a 2FA code for:
- Generating a new cryptocurrency deposit address (and thus preventing existing addresses from expiring)
Withdrawal 2FA requires a 2FA code for:
- Withdrawing any type of funds from your Kraken account
- Transfers to your Futures wallet (but not from your Futures Wallet)
However, withdrawal 2FA does not prevent the addition of cryptocurrency withdrawal addresses. For that, you'll need to enable the Global Settings Lock (GSL).
Additionally, if you have funding 2FA activated on your account, you will also be required to enter your funding 2FA code when staking and un-staking.* If you are using the Kraken Pro interface you will not be required to enter your funding 2FA code.
Should I set up deposits and withdrawals 2FA?
Adding 2FA for deposits & withdrawals is an excellent choice for high value accounts and clients who prefer top-notch security for their accounts.
Clients who hold funds in their account at Kraken, but do not frequently transfer funds to or out of their account are also encouraged to enable this feature.
How do I set up deposits and withdrawals 2FA?
If you have not already set up a sign-in 2FA on your account, you will be prompted to do so first before setting up 2FA for deposits & withdrawals.
- 2Click on your name or profile icon in the upper-right corner of the page.
- 3Click on Security and then scroll down to Advanced Settings.
IMPORTANT: After enabling 2FA for deposits & withdrawals, you must also enable the Global Settings Lock (GSL) or a sign-in 2FA in order for it to be effective. Enabling sign-in 2FA activates Step-up 2FA on your account. Step-up 2FA is an extra step that is required anytime you want to add, edit or remove any 2FA settings on your account. Once a change to your Kraken account is requested, you will be prompted to confirm your sign-in 2FA again via the 6-digit code from your authenticator app or via your Hardware Security Key. The code must be entered correctly before any changes can be made to the 2FA settings on your account. If you choose not to use sign-in 2FA, you must enable the GSL. Without the GSL, the deposits & withdrawals 2FA can be easily removed or changed by anyone who gains access to the account.
*An overview of eligibility criteria (including geographic restrictions) for On-chain staking can be found here.