While Coinbase takes extensive security measures to ensure your account is as safe as possible, there are some additional steps that we strongly recommend you take to help protect your account from unauthorized access. We also have account types specifically designed for protecting your funds - read more about Vault accounts here.
Coinbase staff will never ask for your password, 2-factor authentication codes, or other login credentials. We will never ask you to install remote login or remote support software on your computer.
Only contact Coinbase through this portal or phone support on +1 (888) 908–7930. Fake customer service numbers and pages are on the increase — please be careful to verify any information you find via forums, social media and Google adverts.
If anyone claiming to be associated with Coinbase Support requests this information, immediately contact us.
You may disable your account at any time using the disable links in password reset, transaction confirmation and device confirmation e-mails.
Use a complex and unique password that is not shared or similar to those used on any other websites. These guidelines provide some information about what makes a strong password. It's also a good idea to change your password periodically (about every 3 months) and use a completely new password each time. Using a password manager such as 1Password makes this easy to manage.
Also, never disclose your password to anyone. A Coinbase employee will NEVER ask for your password.
Take advantage of the 2-factor authentication (2FA) services we offer, either an extra SMS login code, or a TOTP app like Google Authenticator. This can be enabled on your Security page by adding Authenticator or a phone number. You can also enable 2-factor authentication codes when sending as an extra security measure.
TOTP apps are considerably more secure than SMS for 2FA codes, since they are tied to a specific physical device, not a phone number, which could be compromised in a phone porting attack.
If your email provider offers this functionality, consider adding 2FA to the email address you use to log in to Coinbase. Do not use VOIP, Google Voice, or other phone providers that send you 2FA messages via email to the address you use to log in to Coinbase.
If you use SMS 2FA codes, call your mobile provider and add additional protections to your account. For example, request a PIN or password for your account, ask for a port freeze and SIM lock (so attackers can’t move your phone number to a new carrier). If your carrier doesn’t support these added protections, consider changing to a carrier that does.
Your email address is one of the most important connections between you and your Coinbase account! Make sure it is secure! https://haveibeenpwned.com/* can be used to see whether your email address has ever been compromised in a 3rd party data breach. If so, create a new email address to use with your Coinbase account. You can update the email address on your account at https://www.coinbase.com/settings.
Do not use the same password on your email account that you do on your Coinbase account. If your email provider offers it, activate 2-factor authentication (2FA) on your email account to add an extra layer of security.
Be aware of Phishing
Be on the lookout for emails pretending to be from Coinbase (you may have heard this called “phishing”). This is the most common way customers are compromised. Bookmark important websites (Coinbase, email, banks, etc) and only visit those sites from those bookmarks. Avoid clicking links or opening attachments in emails. Coinbase will never ask for your password, 2FA or remote access to your computer.
in your browser, and only ever use this link to access the website. Be sure to check for the "lock" symbol appearing in your browser's address bar when you access Coinbase which indicates that your connection is secure. If this symbol is not present, double check the URL.
You can check the IP login activity and verified devices on your account anytime by signing in and visiting this page: https://www.coinbase.com/settings/security_settings
3rd Party Applications
Practice due diligence when enabling any 3rd party applications to access your account, or when enabling and sharing your API key. By default these features are turned off, and are only used in more advanced situations. It's possible to see any 3rd party apps which have permission to use your account on this page: https://www.coinbase.com/settings/security_settings
You can also see whether API access is enabled and set further API restrictions on this page: https://www.coinbase.com/settings/api
To learn even more about security, refer to this page.
*Coinbase is not affiliated with haveibeenpwned.com and makes no representations about its products or services. Use at your own discretion.