Nick Percoco, chief security officer at United States-based cryptocurrency exchange Kraken, announced that two-factor authentication (2FA) is now mandatory for the exchange’s users in a post on the company’s official blog published on March 26.
2FA, in this case, is an additional component needed to access an account. Often 2FA requires the user, after entering their login information, to also enter a one time password (OTP) received via SMS. Per the announcement, Kraken supports Google Authenticator and YubiKey as 2FA implementations.
YubiKey is a hardware device dedicated to generating OTPs, while Google Authenticator is a smartphone app meant to do the same. The post points out that 2FA was available as an additional security option to its users since Kraken's launch in 2013.
The announcement also notes that the measure is part of a broader set of changes included in its security features roadmap that spans “into 2020 and beyond.” While the roadmap itself won’t be made public, Percoco claims that the future changes will be announced and will need action on the part of users.
The post also discloses the formation of the Kraken Security Labs, a team dedicated to enhancing the security of the company’s products and environments. Furthermore, the team will also perform vulnerability research against third party products, such as hardware and software wallets and related technology.
Percoco also promises that Kraken’s cybersecurity team will responsibly disclose the identified issues to improve the overall security of the crypto ecosystem.
As Cointelegraph recently reported, major hardware wallet manufacturer Ledger had unveiled vulnerabilities in its direct competitor Trezor’s devices. Trezor, on the other hand, responded by claiming that none of the issues identified were critical.
Fraudulent hacks are on the rise, with a recent report claiming that in Japan, the number of hacked Internet of Things devices and cryptocurrency networks nearly doubled in 2018 when compared to the previous year.