Introduction

Accessing your Kraken account should be quick — but more importantly, it should be secure. This page walks through the full sign-in experience for both web and mobile users, explains recommended security settings, covers API credentials for programmatic access, and provides troubleshooting steps and recovery guidance. Whether you're a novice investor or an active trader, these practices will help reduce risk and maintain control of your assets.

Tip: Treat login credentials, 2FA devices, and API secrets as high-value items. Plan backups and recovery before you need them.

Login flows — web & mobile

Web (desktop) sign-in

  1. Open your browser and navigate to https://www.kraken.com (type it or use a trusted bookmark).
  2. Click Log In, enter your email/username and password, then submit.
  3. If prompted for two-factor authentication, enter your TOTP code or use your hardware key.
  4. After success, review any recent activity alerts and verify that the device listed is known to you.

Mobile app sign-in

  1. Install the official Kraken app from the App Store or Google Play.
  2. Open the app and sign in with your credentials. Complete the 2FA prompt.
  3. Optionally enable biometric unlock (Face ID/Touch ID) for quick re-entry on that device.

Security tip: Avoid signing in from public or untrusted networks. If you must, use a reputable VPN and sign out when finished.

Two-factor authentication (2FA)

2FA adds a second proof of identity beyond your password. Kraken supports multiple 2FA methods — choose the most secure option that fits your workflow.

Which 2FA method should I use?

  • Authenticator apps (TOTP) — Google Authenticator, Authy, Microsoft Authenticator. Strong, widely supported, works offline.
  • Hardware security keys (FIDO / U2F) — YubiKey and similar devices. Phishing-resistant and recommended for high-value accounts.
  • SMS — better than nothing but susceptible to SIM swap and interception. Use only if other methods are unavailable.

How to enable 2FA

  1. Go to Account → Security in Kraken.
  2. Select Two-factor authentication and follow prompts to register your TOTP app or security key.
  3. Securely record backup codes and store them offline (encrypted vault or safe).

If you lose both 2FA and backup codes, account recovery will require identity verification and can take time. Keep backups safe but accessible to you.

API keys & programmatic access

Kraken’s API allows automated trading, portfolio monitoring, and integration with bots. API keys are powerful — guard them like passwords.

API key best practices

  • Create separate keys for each application and assign minimal required permissions (read only, trade, or withdraw — avoid granting withdrawal rights unless absolutely necessary).
  • Restrict IP addresses for API keys when supported to limit where keys can be used.
  • Rotate API keys periodically and delete keys tied to deprecated scripts or servers.
  • Store API secrets in an encrypted store (secret manager or password manager), never in plain text or code repositories.

If an API secret is exposed, revoke it immediately and audit activity for unusual trades or withdrawals.

Account recovery & locked access

Accidental lockouts happen. Kraken’s recovery processes prioritize security, so prepare ahead.

Forgot password

  1. Use the “Forgot password” link on the sign-in page and enter your account email.
  2. Follow the secure reset link sent to your inbox. If you can’t access your email, contact support for recovery steps.
  3. After resetting, immediately re-enable MFA and review account activity.

Lost 2FA device

First, try your stored backup codes. If unavailable, open a support request and follow Kraken’s verification flow — expect identity checks (ID documents, account history) before sensitive recovery actions are permitted.

Keep a secure copy of backup codes in an encrypted vault or printed and stored in a safe place.

Common login issues & fixes

“Invalid username or password”

  • Check for accidental Caps Lock, keyboard layout differences, and leading/trailing spaces.
  • Try your password manager autofill if you use one — that reduces typos.
  • Reset the password if you can’t recall it.

2FA codes failing

  • Sync your phone’s clock to network time — TOTP depends on accurate timekeeping.
  • Enter the most recent code and avoid reusing expired codes.
  • If using SMS, check carrier delivery or switch to an authenticator app for reliability.

Browser / app problems

  • Clear cache and cookies, or try an incognito/private window.
  • Ensure the app is the official one and updated to the latest release.
  • Disable privacy extensions temporarily if they interfere with login flows.

Withdrawal protections & operational controls

Withdrawals move assets off the platform and should be guarded carefully. Use platform features and procedural checks to protect funds.

  • Withdrawal whitelists: restrict withdrawals to known addresses where available.
  • Manual approval thresholds: require secondary confirmations for high-value transfers.
  • Small test transfers: always send a small amount first when sending to a new address.
  • Monitor notifications: enable email or push alerts for new withdrawal events.

Operational tip: For recurring transfers or integrations, consider using cold wallets and multi-signature setups to distribute signing authority.

Phishing & social engineering

Phishing attacks are the most common vector for credential theft. Learn to spot common tactics and how to respond safely.

Red flags

  • Unsolicited emails urging immediate action or threatening account closure.
  • Links that look similar to Kraken but contain subtle misspellings or different domains.
  • Requests for one-time codes, backup codes, or passwords over email, SMS, or chat.
  • Impersonation attempts from “support” asking you to approve transactions or share codes.

If you receive a suspicious request, do not reply or click links. Report it to Kraken via their official support channels and log in from a trusted bookmark to check account status.
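
A link check for the second red flag, as an added example (not Kraken tooling): it parses the real host out of a URL and compares it with the kraken.com domain given in the sign-in steps above. The sample URLs are constructed, and the 0.8 similarity threshold is an assumption chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "kraken.com"  # domain given in this page's web sign-in steps
BRAND = "kraken"

def classify_link(url: str) -> str:
    """Return 'trusted' or the reason a link should not be followed."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not-https"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no-host"
    # Text before '@' is not the host, whatever it looks like.
    if parts.username is not None:
        return "userinfo-before-host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "non-ascii-or-punycode-host"
    # Exact domain or a true subdomain of it; a prefix match is not enough.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    for label in labels:
        near = SequenceMatcher(None, label, BRAND).ratio() >= 0.8
        if BRAND in label or near:
            return "lookalike-domain"
    return "unrelated-domain"

# Constructed samples on reserved .example names; none are real sites.
SAMPLES = [
    "https://www.kraken.com/sign-in",
    "http://www.kraken.com/sign-in",
    "https://kraken.com.account-verify.example/login",
    "https://www.krakken.example/",
    "https://www.kraken.com@login.example/",
    "https://www.xn--krken-constructed.example/",
]

def demo() -> dict:
    return {url: classify_link(url) for url in SAMPLES}

if __name__ == "__main__":
    for url, verdict in demo().items():
        print(f"{verdict:28s} {url}")
```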

Daily habits & best practices

  • Use a unique, strong password stored in a reputable password manager (1Password, Bitwarden, etc.).
  • Enable 2FA and prefer hardware keys for high-value accounts.
  • Keep your operating system, browser, and mobile apps updated.
  • Review account activity and revoke old sessions and API keys periodically.
  • For long-term holdings, move large balances to self-custody (hardware wallets) rather than leaving them on an exchange.

Pro tip: Enable email alerts for logins and withdrawals — they provide quick detection for unauthorized access.

Frequently asked questions

Can I use biometric login instead of a password?

Biometric unlock (Face ID/Touch ID) can be used for convenience on mobile devices, but it typically complements your password and 2FA rather than replacing them entirely for account recovery scenarios.

How quickly will Kraken respond to a recovery request?

Recovery timelines vary depending on the verification required. For high-assurance recovery (lost 2FA, no backup codes), expect a more thorough verification process that can take several days — this delay is intentional to protect your assets.

Is SMS 2FA safe?

SMS is better than nothing but is vulnerable to SIM swap and interception attacks. Use TOTP or hardware keys when possible for stronger protection.
