How can I make my account more secure?

Dec 20, 2016
While Coinbase takes extensive security measures to ensure your account is as safe as possible, there are some additional steps that we strongly recommend you take to help protect your account from unauthorized access.  We also have account types specifically designed for protecting your funds - read more about Vault accounts here.


Use a complex and unique password that is not shared or similar to those used on any other websites. These guidelines provide some information about what makes a strong password. It's also a good idea to change your password periodically (about every 3 months) and use a completely new password each time.

Also, never disclose your password to anyone. A Coinbase employee will NEVER ask for your password.

2-Step Verification

Take advantage of the 2-step verification services we offer, either an extra SMS login code, or the authentication apps provided by Google and Authy. This can be enabled on your Security page by adding Google Authenticator or a phone number. You can also enable 2-step verification codes when sending as an extra security measure.

If your email provider offers this functionality, consider adding 2-step verification to the email address you use to log in to Coinbase. Do not use VOIP, Google Voice, or other phone providers that send you 2-step verification messages via email to the address you use to log in to Coinbase.


Bookmark in your browser, and only ever use this link to access the website. Be sure to check for the "lock" symbol appearing in your browser's address bar when you access Coinbase which indicates that your connection is secure. If this symbol is not present, double check the URL.

IP Activity

You can check the IP login activity and verified devices on your account anytime by signing-in and visiting this page:

3rd Party Applications

Practice due diligence when enabling any 3rd party applications to access your account, or when enabling and sharing your API key.  By default these features are turned off, and are only used in more advanced situations.  It's possible to see any 3rd party apps which have permission to use your account on this page:

You can also see whether API access enabled and set further API restrictions on this page:


Still can't find what you're looking for?

Submit A Request