For the highest level of account security, it is absolutely essential that users fully utilize the various security features that the Kraken platform has to offer (not just login 2FA, but funding/trading 2FA, as well as a Master Key and Global Settings Lock). More detailed information outlining the various available security features can be found here:
https://support.kraken.com/hc/en-us/articles/201396837i'm amazed you guys still have these horribly implemented security settings. i can only imagine how many people have lost money because of them. it's not confidence inspiring.
there's absolutely no reason to distinguish between login 2fa and withdrawal/trading 2fa. remove the separate options and secure
everything with 2fa because customers obviously don't understand the security implications, eg that withdrawal/trading 2fa can easily be removed once logged in.
also, why are static passwords allowed as a 2fa option? 2fa = something you know and something you have. 2 passwords = 2 things you know and 0 things you have.......
1. how was the 2FA changed? If that is possible then also the global setting lock is useless...
was the global setting lock active? why would the hacker need to change the 2fa anyway? it looks like they had access to your account and thus must already have your secret token.