Basic (must do)
- Set up Two-factor Authentication (2FA) for login, ideally using a YubiKey, and do not back it up in an insecure way! This is the most important security feature.
- Set up a Master Key to require authentication for password resets. Make sure the Master Key is set up using a different method from Login 2FA. For example, if you use a YubiKey for Login 2FA, then use an authenticator app or a different YubiKey for the Master Key.
- Secure the email account registered to your Kraken account with a strong password and Two-factor Authentication (2FA). Remove any and all phone numbers from your email account.
Beware of the following (must know)
- Phishing scams. Even Login 2FA can’t protect your account if you enter it on a phishing website or share it with a scammer.
- Phone support scams.
- Phone number hijacking.
- Set up Two-factor Authentication (2FA) for withdrawals and trading. However, the Global Settings Lock must be enabled for these 2FA settings to be effective.
- Enable the Global Settings Lock (GSL) to prevent changes to your account settings and withdrawal addresses — even if an attacker gains access to your account.
- Important: If you want the option to immediately turn off the GSL at any time, you’ll need to set up the Master Key before enabling the GSL. Kraken Support cannot speed up GSL removal.
- If your email application supports PGP signing and encryption, provide us with your PGP public key to receive signed and encrypted email from Kraken.