Risks of using an Authenticator App

Last updated: 4 aug. 2025

Two-Factor Authentication (2FA) adds an additional layer of security to your Kraken account in addition to your username and password.

Authenticator Apps have been a common method used for 2FA, however many of these apps are now automatically enabling the syncing of your time-based codes across devices via the cloud. This has introduced significant new security risks.

Authenticator code syncing is a feature that allows your 2FA tokens to be backed up and accessed from multiple devices using your cloud account (e.g., Google account or Apple ID). Many apps, including Google Authenticator, offer this feature by default, touting it as a convenient back-up solution in case you lose the device with the Authenticator App installed. 

Unfortunately the convenience of this feature has come at the expense of security.

If a malicious actor gains access to your Google, Apple or Microsoft account, they could also gain access to your synced 2FA codes. This completely defeats the purpose of 2FA as it would allow the malicious actor to reset passwords and sign into any account you use with your Authenticator App.

Additionally, every device with access to your cloud account becomes a potential entry point for malicious actors. More devices = more risk. Due to this security risk, Kraken recommends that you disable Google authenticator cloud sync.

Google Authenticator

  1. Open Google Authenticator.
  2. Tap your profile picture or initials in the top-right corner.
  3. Tap "Use without an account" or turn off Cloud backup.
  4. Confirm your selection.

Passkeys are Kraken’s phishing-resistant replacement 2FA codes. Using FIDO2 technology, they are stored securely on your device and unlike Authenticator Apps, they are not transferable or visible. Passkeys are considered to be one of the most secure methods of 2FA.

Accessibility:

  • With multiple 2FA methods enabled you can avoid account access issues in case your 2FA device is unavailable.
  • Passkeys allow for a faster and more seamless verification and sign-in process.
  • When you enable multiple Passkeys, you are not required to select exactly which one you want to use, they will be automatically matched during sign-in.
  • When Step-Up 2FA is required (e.g., for account changes), you can choose from any enabled 2FA method.

Enhanced Security:

  • Take advantage of FIDO2-compliant authenticators built into your devices to create secure credentials or tokens.
  • Having multiple Passkey options available removes the requirement for a single, expensive Hardware Security Key (such as a Yubikey) to utilize the phishing-resistant FIDO2 2FA.
  • Multiple Passkeys eliminate the need for a single, costly hardware security key (e.g., Yubikey) to achieve phishing-resistant 2FA.

Explore the following resources to add multiple 2FA methods to your account:

Additional reading:

Behöver du mer hjälp?