Topic: [ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH - page 218. (Read 628818 times)

Hey Dargo,

I created a sixth deposit address. Now one of my old addresses will expire in 7 days.  But I don't want this address to expire. How can I choose an other address from my six to expire?

Your inquiry is welcome because people should be more insistent that exchanges do regular audits. We plan to work towards doing them more regularly, but at the present time the best I can say is that we want to do another one as soon as we can, but don't have a specific estimate.

Looks like it's already back up, so there shouldn't be much of an interruption in support response times.

Announcement: support.kraken.com is currently down. The site is hosted by zendesk, which is experiencing a service disruption in one of it's data centers. They are making progress on fixing the issue but haven't given an estimate for when it might be fixed. This doesn't affect our exchange operations at kraken.com, but it may mean that some customers experience a delayed response to support requests.

Not at this time. But we are considering it along with other ways to address thin order books like we have for GBP.

I asked about this but haven't heard back yet. I'll let you know when I do.

Is it possible to deposit GBP via Paycash and then convert this balance to EUR when it arrives at Kraken?

thanks
how about the API orderbook issue?

Serpens - Let me know if you see this again. We made some changes that should make it much less likely to happen, and if it does the error message will tell you to wait a while and check on the status of your request before making the request again.

I tried again now and it worked, so just temporary I guess

We tested it and it seems to be working OK. Please create a ticket if you haven't already since we'll need to look at your account. I'd also try again to see if it was just a temporary issue.

I'm having a weird problem where I'm unable to turn on the Global Settings Lock; when I click "Update Settings", the page just eventually returns a Cloudflare timeout error. However, the rest of the site (at least the things I tried) seems to be working just fine!

Actual error message:

Yes, that's a case where we have protocols in place to confirm your identity.

Thanks, I created a masterkey now
What would Kraken do, if someone claims he lost his 2FA device and used the same device to generate the masterkey?
This could happen, but it could also be an attempt to steal the account. Would you now try to confirm the identity?

This is what the master key is for - to protect against someone hacking your email address (and other things). You should create a master key on a separate two-factor device from the one you use for login and keep it someplace very safe. If you don't have a second device, just make it a static password until you can get one. Once the master key is created, it will be required in order to reset your password or bypass the 2FA for account login.

https://support.kraken.com/hc/en-us/articles/201396847-What-is-the-master-key-shown-on-the-two-factor-authentication-page-

Another option is to use the global settings lock. Once activated, nobody can change the settings in your account for the number of days you specify, even if they hack into your account. So they couldn't enter their own withdrawal addresses. You can do both the master key and the global settings lock, but if you create the master key before you do the settings lock, the master key can be used to override the settings lock. This is convenient, but keep in mind that if someone obtains your master key, they will be able to override the settings lock.

https://support.kraken.com/hc/en-us/articles/201396877-What-is-the-Global-Settings-Lock-

Edit: a further protection would be to give us your PGP key for email encryption. This way, all automated email from us, including password reset and 2FA bypass are encrypted.

I keep an old phone on which I disabled all networking and installed Cyanogenmod (optional though) for things like that. Other implementations for Google Authenticator work on PCs, so you can you use your cold storage PC for it.



Do I understand correctly that is possible to request a new password and a 2FA bypass in "one go"? I don't think that's a good idea.

I'd prefer additional confirmation. Another idea: force every user to submit a BTC address that they control and can sign messages with. This address could only be submitted once. A signed message would be required to bypass 2FA.

I agree that we need better measures for emergency situations. We are working on a way for clients to lock their accounts in case of emergency since that would be the fastest if you think your account might be hacked. I'll have to check on the status of this with the devs to see what the ETA might be. We are also planning on having 24/7 support once the support team is large enough for that. Some kind of emergency hotline would be good too, so I'll make sure we look at how that might be done.  

I editet my last post. There you see, you don't need to hack the 2FA, you only need access to the email account.. then you can get the 2FA bypass =/ Maybe Dargo will post something regarding this topic.

Glad to hear it works! 



If there was a hack circumventing 2FA, that would mean with high probability it would be an inside job. In that case I would consider the support channel compromised as well. Remember, bitcoins that you keep at an exchange are IOUs.

Thanks Newar for your help !

I have access to my kraken account now. So no one changed my password as I thougt. I'm 100% sure I typed everything correct during my 3 tries. So the only explanation is that my yubikey was the problem. Maybe because I tried to login during the beginning of the price crash (lots of traffic for kraken).
This combined with the mailbox.org thing got me in panicmode
But nevertheless, it could happen a real hack anytime and we can't get in touch with support instant. That's not good... so I hope Dargo will post here something, waht to do in those cases to close the account temporaly.

edit: ... (answer to Newars questions..)
Yes, WPA2 and AES

I used google authenticator before and use it still on some other sites. But I don't trust any app for my mobile device and asume it could be "hacked" via apps any time. (that's also why I don't have a wallet on my mobile device, I just don't trust the security from mobile devices).
That's why I bought a yubikey. No one can hack my yubikey. No one can have access to it via internet. Therefore it should be the safest way.
But it's a good question... what to do, if I loose my yubikey or sth. like that? Dargo, what are the steps to make, if someone lost the yubikey/password?

Of course I want access to my account even if I lost password/yubikey. But on the other hand I don't want that someone who hacked my mailaddress is able to resett my password/2FA.    https://support.kraken.com/hc/en-us/articles/204359233-How-can-I-recover-my-account-
If I understand the steps in this link right, someone with my email address and accountname can request a new password and a 2FA bypass, without verifying his identity.
Wouldn't it be better to ask for a scan of ID card or a webcam verification to proof the identity?