Set up your 2-step verification

Coinbase offers 2-step verification, also known as 2-factor or second-factor authentication (2FA), as an added security layer when signing in. This provides additional protection for your account by requiring a unique verification code in addition to your username and password. You can be prompted for these codes when a sign-in is attempted from an unrecognized device or unrecognized phone number, or when sending crypto out of your Coinbase account.

You'll need physical access to the mobile device and phone number associated with your Coinbase account to successfully complete 2-step verification.

Coinbase supports the following types, listed from most to least secure.

Security Key

This is a physical hardware authentication device that generates a one-time password. It offers more protection than other 2FA methods as the credentials don't need to be stored on a networked device. Coinbase supports Universal Second Factor (U2F) security keys from various vendors.

  • We recommend purchasing a key that supports mobile browsers and browsers whose developers support the WebAuthn / FIDO2 security key standard, and that works on both mobile devices and computers, such as a YubiKey.

Important

Hardware authentication devices are not Coinbase products. If you use any supported security keys, you'll be subject to their respective terms, conditions, and privacy policies, which may differ from Coinbase's. Ensure you understand all terms before using these keys. Coinbase is not responsible for content on third-party websites.

Enabling a security key will disable any previously configured 2-step verification methods.

  1. Sign in to your Coinbase account from a web browser (you cannot change your 2-step method from the Coinbase mobile app).

  2. Access the security settings page and select the 2FA settings tab.

  3. Under the Available Methods section, select the Set up button next to the Security Key option.

  4. Follow the prompts to complete your security key set up.

Passkey

Developed by Apple, Google, Microsoft, and the FIDO Alliance, passkeys use cryptography to generate a unique code that serves as an alternative to traditional password sign-in. They are also user-friendly. Unlike passwords, passkeys are generated on your device and are not shared or stored on any server.

Web

  1. Sign in to your Coinbase account.

  2. Access the security settings page and select the 2FA settings tab.

  3. Under the Available Methods section, select Passkey, then Add Passkey.

  4. Follow the prompts.

Mobile

  1. Sign in to your Coinbase account.

  2. Select your avatar in the top left, then select Profile & Settings under your name.

  3. Select the Security tab and select Change security settings (this will open a mobile browser window).

  4. Select Upgrade your two-factor authentication.

  5. Select Passkey and follow the instructions to add your passkey.

Authenticator (TOTP) app

These apps generate a unique time-sensitive security code, a Time-based One-Time Password (TOTP), that you can use to secure your Coinbase account. Coinbase supports Duo and Google Authenticator, which don't require phone reception or internet access once they're set up. Alternatively, any app that supports the TOTP protocol should work, including Microsoft Authenticator.

  1. Download your preferred authenticator app, such as Duo or Google Authenticator, from the app store on your mobile device.

  2. Sign in to your Coinbase account on your desktop browser.

    • Your TOTP authenticator will also require your mobile device to complete verification.

  3. Access the security settings page and select the 2FA settings tab.

  4. Under the Available Methods section, select the Set up button next to the Authenticator app option.

  5. Follow the prompts to complete your authenticator set up.

Coinbase Security Prompt

This verification method delivers push notifications from your active mobile app session to either approve or deny a login attempt that’s made from a different device.

  1. Sign in to your Coinbase account on your desktop browser.

  2. Go to the security settings page and select the 2FA settings tab.

  3. In the Available Methods section, select the Set up button next to the Security Prompt option.

  4. Follow the prompts to complete your security prompt set up.

  5. After set up, select Security Prompt, and tap the option for push notifications on your Coinbase app.

Make sure you're signed in to your Coinbase mobile app to receive push notifications. If not signed in, you'll receive a text message as a backup method. Push notifications will be sent to all devices with an active mobile app session.

For account security, regularly check your account activity page and review by selecting Mobile Applications, under Available Methods.

SMS/Text

This type involves receiving a verification code via text message. However, it's linked to your phone number and can make you vulnerable to phone number porting attacks, where an attacker transfers your number to their device, gaining control over your 2-step verification codes. SMS is used as your default 2-step verification method, and it's recommended that you set up one of the methods listed above to increase the security of your account.

