Kraken doesn't keep sessions alive very long, whereas I can keep coming back to my Coinbase tab the following day and it will still have a session. 2-factor authentication is optional with Coinbase, but Kraken requires 2-factor and only allows an authenticator app or Yubikey(i.e. not mobile which can be intercepted). The Kraken app uses API keys that you set up rather than username/password; this allows the user to set login permissions in case they want their mobile app to only read their balances but not buy/sell. I'm sure I'm missing something.

The added value of that security can certainly be questioned, but I don't think it's unreasonable to say that Kraken is more secure by default and provides more options for keeping one's account secure.