What is a Passkey?

Passkeys are an authentication technology that simplify the login process making sign-in easier, swifter and seamless.

When enabled, Passkeys can be used to satisfy sign-in 2FA, securely logging you into your account by using biometric authentication like a fingerprint or face scan, or a screen lock PIN.

Note: Kraken does not directly store nor use any biometrics data. This data remains uniquely stored on your device and will never leave the secure chip element of your device.

Standardized by the FIDO Alliance, Passkeys are bound to a website or an app's identity, therefore are safe from phishing attacks. The browser and operating system ensure that a Passkey can only be used with the website or app it was created for so you can never be tricked into using your Passkey to sign into a fraudulent app or website.

Explore the following resources to add multiple 2FA methods to your account:

We classify any 2FA instance as either Roaming or Non-Roaming.

Roaming 2FA:

Works across multiple devices. If you use multiple devices to access your Kraken account, this enables built-in authenticators to validate Passkeys regardless of the device used to create the Passkey. You will be able to utilize any of your devices to authenticate without having to individually approve each one.

Kraken supports the following Roaming 2FA methods:

  • Hardware Security Key: a passkey that is attached to a Hardware Security Key can be used on any device that is compatible with the key itself.

  • Cross-Device Passkey: this is a passkey that is created either on a mobile device or linked to a keychain or password manager, such as iCloud Keychain or 1Password.


Non-Roaming 2FAs:

Device specific. With multiple 2FAs and full FIDO2 Passkey support, in certain conditions users create a Passkey that is unique to a certain browser on a particular device. As it isn’t synched to a keychain or password manager, we call this instance Device-Bound Passkey.

Enabling multiple 2FA methods provides accessibility and enhanced security for account access:

Accessibility:

  • With multiple 2FA methods enabled you can avoid account access issues in case your 2FA device is unavailable.

  • Passkeys allow for a faster and more seamless verification and sign-in process.

  • When you enable multiple Passkeys, you are not required to select exactly which one you want to use, they will be automatically matched during sign-in.

  • When Step-Up 2FA is required (e.g., for account changes), you can choose from any enabled 2FA method.

Enhanced Security:

  • Take advantage of FIDO2-compliant authenticators built into your devices to create secure credentials or tokens.

  • Having multiple Passkey options available removes the requirement for a single, expensive Hardware Security Key (such as a Yubikey) to utilize the phishing-resistant FIDO2 2FA.

  • Multiple Passkeys eliminate the need for a single, costly hardware security key (e.g., Yubikey) to achieve phishing-resistant 2FA.

Note: Other 2FA features (Funding 2FA, Trading 2FA and Master Key) currently remain limited to one method.

Operating systems:

  • Windows 10 or later

  • macOS Ventura or later

  • ChromeOS 109 or later

Mobile Devices:

  • iOS 16 or later

  • iPadOS 16 or later

  • Android 9 or later

Hardware Security Key:

  • Must support the FIDO2 protocol

Hai ancora bisogno di aiuto?