It would be better to let me know at sign-up time that the email address I typed was already in use, and that that isn't OK, rather than pretending to accept it. When I type the email address into the signup box it puts a green checkmark and writes "OK" - but it isn't OK.
This would allow an attacker to determine whether someone with a particular email address had an account with us. That'd be bad for our users' privacy and security.
I created a 2nd account using the same email address as the first one. It told me it had created the account and would email me a confirmation code, but instead it emailed me an error message:
"A request was made to register with an e-mail that is already on the Kraken system. The existing account is dooglus."
I just tried again, this time using a different email address. Now it tells me "Please choose a different username".
It seems like it did actually create the 2nd account, even though it used a duplicate email address.
Yeah, even if the new account registration failed because the email was already in use on another account, the username will be reserved for a few minutes as if the registration were pending. Once the pending registration fails to confirm in time, the username is released.
* The login screen and the withdraw page both have fields for 'one time password' or some such. I don't see any way of turning on the two-factor auth.
Ah, sorry... we're making some changes to two-factor right now. The feature will probably be back tomorrow.
* I tried changing the settings > account > auto-logout to custom > 241 minutes (max allowed is 240). I saw a pink rectangle at the top of the screen, but it didn't contain an error message. It looks like it tried to tell me I picked an incorrect value, but it didn't actually show the message.
This is a bug! Awesome. You've gotta post your BTC address!