US-based cryptocurrency exchange Kraken has announced that it is making Two-Factor Authentication (2FA) mandatory for all users and launching Kraken Security Labs.
In a blog post on Tuesday, Kraken’s Chief Security Officer Nick Percoco explained that the exchange’s users must now set up 2FA in order to access their accounts.
2FA is an extra layer of protection used to increase online security beyond simply a user’s email and password. While Kraken has provided users the option to implement 2FA since its launch in 2013, it has never been a requirement until now. The exchange will support mobile app Google Authenticator and hardware device YubiKey as 2FA implementations, eschewing the commonly used SMS option on account of its vulnerability to hijacking.
Percoco revealed that “this is not the last client facing security enhancement you’ll be hearing about,” citing an ambitious security roadmap Kraken has drawn up. He added:
“While this roadmap is not made public, you’ll be hearing about security enhancements and upgrades as they are released and made available to you. Like most features similar to 2FA, you’ll need to enable them to take advantage of the added security, so please be sure to take action when you’re prompted to.”
In addition to the 2FA enforcement, the post announces the launch of Kraken Security Labs, a team focused on enhancing the security of the exchange and its products. It will perform vulnerability research against third-party products such as cryptocurrency wallets, and work discreetly with teams where problems are identified.
The move is a welcome one in the cryptocurrency space, where exchange hacks — most recently DragonEx — and security breaches are a common occurrence. Indeed, a study by security firm CipherTrace found that $927 million of cryptocurrency was lost to hacks in the first three quarters of 2018.