Log In | Kraken® — Sign In to Your Account

A clear, practical guide to signing into Kraken safely: web and mobile flows, multi-factor authentication (MFA), recovery steps, API key best practices, troubleshooting common issues, and security tips to protect your account.

Overview

Kraken is a major cryptocurrency exchange used for trading, custody, and staking. Because accounts can hold substantial balances and linked payment methods, access to your account should be secured carefully. The sign-in process is your first line of defense — combining a strong password with robust MFA and good device hygiene significantly reduces the chance of unauthorized access. This guide walks through common sign-in scenarios, explains recovery options, and lists concrete security practices you can adopt today.

Before you sign in

  • Confirm you are using the official Kraken domain (type kraken.com manually, don’t click unsolicited links).
  • Use a trusted device and network — avoid public Wi-Fi unless you have a reputable VPN enabled.
  • Have your MFA device ready (phone with authenticator app, security key, or SMS-enabled number depending on what you use).
  • Ensure your recovery email is secure and accessible — it’s often required during recovery.

Signing in on the web

  1. Open a modern browser and navigate to kraken.com. Verify the HTTPS lock and the domain name before entering credentials.
  2. Click Log in (top-right) and provide your registered email address and password.
  3. If you have MFA enabled, you’ll be prompted for the secondary factor — enter the code from your authenticator app, approve the push notification, or insert your hardware security key as required.
  4. After successful authentication you’ll be redirected to your Kraken dashboard. Review any security alerts that appear and confirm they reflect your recent activity.
Tip: Consider using a separate browser profile for financial apps to minimize extension risks and accidental information leakage.

Signing in on mobile

Kraken provides official mobile applications. Download them only from the Apple App Store or Google Play.

  1. Open the Kraken app and tap Log in.
  2. Enter your email and password, then complete the MFA step if required.
  3. You may enable biometric unlock (Face ID / Touch ID / Android biometrics) for faster access on that device — this is convenient but keep your main MFA active for new devices.
Warning: Avoid logging in from jailbroken or rooted devices; they increase the risk that malware can intercept credentials or MFA codes.

Multi-factor authentication (MFA)

MFA is essential. Kraken supports multiple methods; choose the strongest available:

  • Authenticator apps (TOTP): Google Authenticator, Authy, Microsoft Authenticator. These generate time-based codes and are generally preferred.
  • Hardware security keys (WebAuthn / U2F): Physical keys like YubiKey provide the best protection and can be used to secure logins and withdrawals in many platforms.
  • SMS: Text messages are available as a fallback but are vulnerable to SIM swap attacks; avoid relying on SMS whenever possible.
  • Push notifications: Approve sign-ins through the Kraken mobile app or supported authenticator services.
Recommendation: Use an authenticator app and a hardware security key as a backup if possible. Keep backup codes stored offline in a secure location.

Password reset and account recovery

If you forget your password, use Kraken’s password reset flow:

  1. On the sign-in page click Forgot password? and enter the email associated with the account.
  2. Open the reset email and follow the link to create a new password. These links often expire quickly — reset promptly.
  3. After resetting, sign in and complete MFA. Kraken may require additional checks for unusual sign-ins.

If you lose access to your MFA device, Kraken’s recovery process typically requires identity verification — be prepared to provide ID and any requested documentation. Keep recovery contact details (email, phone) up to date to avoid delays.

Never provide your password, MFA codes, or full recovery phrases to anyone claiming to be support. Kraken will never ask for your password by email or chat.

Troubleshooting common login problems

  • Authenticator codes not working: Check that the device time is accurate; TOTP depends on correct clocks.
  • SMS not received: Confirm the number is correct and check carrier delays; consider moving to an authenticator app.
  • Browser errors: Clear cookies/cache or try an incognito window; disable suspect extensions.
  • Account locked or flagged: Follow Kraken's on-screen instructions and check your email for additional verification steps.
  • Device not recognized: Try another USB port or cable, or reinstall the app if using hardware keys requiring drivers.

If issues persist, contact Kraken Support through official channels and provide non-sensitive troubleshooting details (time, device, app/browser version). Avoid sharing secret information in support requests.

API keys and programmatic access

Traders often use API keys to automate strategies. Treat API keys with the same care as passwords:

  • Generate keys with the minimum permissions required (read-only vs trading vs withdrawal).
  • Store keys encrypted and rotate them regularly.
  • Where possible, restrict API keys to specific IP addresses.
  • Revoke any key immediately if you suspect it’s been exposed.
Important: API keys that authorize withdrawals should be used sparingly and paired with withdrawal address whitelists when the platform supports them.

Business and institutional considerations

Business accounts may require role-based access, single sign-on (SSO), and stronger auditing. Admins should enforce hardware-backed MFA for privileged users, maintain strict API governance, and log access events for compliance and incident response.

Daily security and best practices

  1. Use a strong, unique password stored in a trusted password manager.
  2. Enable robust MFA — prefer TOTP and hardware keys over SMS.
  3. Keep your recovery email secured with its own MFA.
  4. Regularly review active sessions and connected devices; revoke any you don’t recognize.
  5. Be skeptical of unsolicited messages asking for credentials or prompting urgent action; verify via official channels.
  6. Keep your operating system and apps updated, and avoid jailbroken/rooted devices.

If your account is compromised

Take immediate action: change your Kraken password from a secure device (if possible), revoke API keys, force logout of all sessions, disable linked funding methods if the option exists, and contact Kraken Support right away. Collect transaction IDs and timestamps to share with support. If funds were moved off-site, consider contacting local law enforcement and your bank if linked payment methods were abused.

Quick response improves the chance of mitigation. Act fast and follow Kraken’s official guidance.

Final notes

Signing in to Kraken safely is about layers: a unique strong password, dependable MFA, secure email and device hygiene, cautious handling of API keys, and rapid reaction to suspicious activity. Implement the practical steps in this guide and revisit your settings periodically to ensure they still meet your security needs. For the latest, always consult Kraken’s official documentation and support channels.