Written by Nick Percoco, Kraken Chief Security Officer
Cybersecurity cannot be an afterthought on cryptocurrency platforms. At Kraken, the security of our customers’ personal information and crypto assets is our top priority, so we place security above all else. Following October’s Cybersecurity Awareness Month, we’d like to tell you more about our ongoing approach to protecting your personal data and cryptocurrency.
Kraken was founded in 2011 with a security-first mindset. Our co-founders witnessed the Mt. Gox attack first hand. It was a disaster for thousands of customers and the exchange itself.
We continually strive to be a secure trading platform where our customers can access the cryptocurrency ecosystem and invest with confidence. For us, security is a way of life.
Security is part of our DNA
Security is at the heart of Kraken’s global operations. Over our 12-year history, we have continually invested in our cybersecurity infrastructure, hired the best talent in the information security community, and invested countless hours in training. Every member of our team is “productively paranoid.”
But security is not just about keeping the cryptocurrency we hold safe on behalf of our customers. The personally identifiable information we maintain about our customers is just as important to malicious actors.
We aim to encrypt all sensitive account information at both the system and data level using the latest standards. This means your identifying information is always hidden behind a strong layer of security. After encrypting your information, we follow a robust set of security procedures and controls that are ISO 27001 and SOC 2 certified.
Why security is a two-way process
We also know that our security-first approach is most effective when our customers understand the importance of remaining vigilant as we navigate the increasingly digital world we live in.
Cybercriminals are constantly evolving their methods of extracting personal information from their victims, so we have invested significant resources to improve our knowledge of good security practices for everyone.
For example, we partnered with renowned US scam baiter KitBoga to creatively raise awareness of the most common cryptocurrency-related scams. We also received a CSO 50 award for our ongoing efforts to reduce the spread of email phishing attacks.
The role of two-factor authentication (2FA) in a security-first approach
While Kraken continually strives to protect our customers’ assets and personal data, we recognize the importance of implementing 2FA to assist our customers in their efforts to maintain the highest level of operational security.
2FA serves as an important second layer of defense to further protect your online life. We compare 2FA to having a deadbolt on your front door. Yes, one lock may be enough to keep intruders out, but having a second lock that requires a different key is a powerful upgrade that will make your home more secure.
This second layer of protection is so important that we believe everyone should enable 2FA on every account and application possible, especially personal email.
Our customers have a variety of options to enable 2FA on their Kraken account. For example, there are several common authentication apps that generate one-time passwords that can be used to authenticate tasks such as verifying the account login process. You can also use these one-time passwords when a new wallet address is being created or a transaction is started from your Kraken account.
We actively encourage our customers to go one step further by enabling various forms of 2FA when using our platform. This is called multi-factor authentication (MFA) because each additional layer creates additional protection for your assets and personal information.
More security: MFA and beyond
For those who want an even higher level of protection, Kraken also enables 2FA through a physical hardware device that supports the FIDO2 and WebAuthn standards. Similar to using an authenticator app, a hardware security device generates a unique key that authenticates a device or service.
However, these hardware devices are not as susceptible to phishing attacks as time-sensitive codes. They use special security chips to securely generate keys that are unique to the actual web service or mobile app with which the device is registered. This helps you resist common phishing attacks.
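To illustrate why a site-bound credential resists phishing where a typed code does not, here is an added example (not Kraken's code). It is a simplified model: HMAC stands in for the authenticator's public-key signature, and the origins, keys, timestamp and challenge are constructed placeholders.

```python
import hashlib, hmac, json, struct

REAL_ORIGIN = "https://exchange.example"             # constructed placeholder
LOOKALIKE_ORIGIN = "https://exchange-login.example"  # constructed placeholder

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: a function of the shared secret and the clock only."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def sign_assertion(device_key: bytes, origin: str, challenge: str):
    """The browser, not the user, records the origin it is really talking to."""
    client_data = json.dumps({"challenge": challenge, "origin": origin},
                             sort_keys=True).encode()
    # Assumption: HMAC stands in for the authenticator's public-key signature.
    return client_data, hmac.new(device_key, client_data, hashlib.sha256).digest()

def server_accepts_assertion(device_key, expected_origin, challenge,
                             client_data, signature) -> bool:
    expected = hmac.new(device_key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False
    data = json.loads(client_data)
    # The signed origin must be the genuine site and the challenge must be ours.
    return data["origin"] == expected_origin and data["challenge"] == challenge

def compare_factors():
    secret, device_key = b"12345678901234567890", b"constructed-device-key"
    t = 1_700_000_000  # constructed timestamp
    # A code typed on a look-alike page is still valid at the real site seconds later.
    code_replayed_ok = server_accepts_totp(secret, totp(secret, t), t + 5)
    # An assertion produced while the browser was on the look-alike page is rejected.
    cd, sig = sign_assertion(device_key, LOOKALIKE_ORIGIN, "c-123")
    lookalike_ok = server_accepts_assertion(device_key, REAL_ORIGIN, "c-123", cd, sig)
    # An assertion produced on the genuine site is accepted.
    cd, sig = sign_assertion(device_key, REAL_ORIGIN, "c-123")
    genuine_ok = server_accepts_assertion(device_key, REAL_ORIGIN, "c-123", cd, sig)
    return code_replayed_ok, lookalike_ok, genuine_ok

if __name__ == "__main__":
    print(compare_factors())
```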
Lastly, while implementing a 2FA strategy is important, poor password management can make it less effective. Many people are still using very common passwords such as Password1, Spring2023, qwerty or hunter2 to protect their accounts. The good news is that creating a secure password is easy. Watch this short video to learn how in about 3 minutes.
Eight out of ten people claim to reuse their passwords across multiple websites. This may be convenient for users to remember, but if a cybercriminal compromises an account with this common password, it creates a single point of failure for the victim. The attacker will then attempt to gain access to all other popular sites and apps, and will most likely succeed.
The security of cryptocurrency platforms, including ours, and personal cybersecurity hygiene are essential to the transition of cryptocurrencies to mainstream adoption. If you would like to learn more about our security approach, click here.