Set up your 2-step verification

Coinbase offers 2-step verification, also known as 2-factor or second-factor authentication (2FA), as an added security layer when signing in. It provides additional protection for your account by requiring a unique verification code in addition to your username and password. You can be prompted for these codes when a sign-in is attempted from an unrecognized device or unrecognized phone number, or when sending crypto out of your Coinbase account.

To successfully complete 2-step verification, you'll need physical access to the mobile device and phone number associated with your Coinbase account.

Coinbase supports the following types, listed from most to least secure.

Multiple 2-step verification methods

You can set up and turn on multiple 2-step verification methods on your account at the same time, which enhances your account's security. When more than one method is set up, the others can also serve as backups in case you lose access to one of your methods.

How it works

  1. Set up your preferred methods by following the setup steps below for each.

    • After setup, you can toggle the methods on and off at any time in your 2FA Settings.

  2. You can use any of the methods that are turned on to complete 2-step verification challenges when completing certain actions in your account.

If you don’t want to use the method that you’re first prompted with, select Try another way and choose a different method.

Tip:

Your strongest 2-step verification method will be challenged first. Your account is only as secure as the least secure method you have turned on.

Combination 1: Two security keys

  • Offers the highest level of security with one for primary use and one for backup if the primary is lost.

    • You do not actually set one key as your primary; this is only an example.

Combination 2: Passkey and security key

  • Offers the convenience and security of Passkey with a security key as a backup in the event you lose your phone.

Combination 3: Passkey and security prompt

  • Offers the convenience and security of Passkey with a backup option that doesn’t involve a security key.

Security Key

This is a physical hardware authentication device that generates a one-time password. It offers more protection than other 2FA methods because the credentials don't need to be stored on a networked device. Coinbase supports Universal Second Factor (U2F) security keys from various vendors.

  • We recommend purchasing a security key that supports mobile browsers, works with browsers that support WebAuthn/FIDO2 standard security keys, and works on both mobile devices and computers, such as a YubiKey.

Important

Hardware authentication devices are not Coinbase products. If you use any supported security keys, you'll be subject to their respective terms, conditions, and privacy policies, which may differ from Coinbase's. Ensure you understand all terms before using these keys. Coinbase is not responsible for content on third-party websites.

Enabling a security key will disable any previously configured 2-step verification methods.

  1. Sign in to your Coinbase account from a web browser (you cannot change your 2-step method from the Coinbase mobile app).

  2. Access the security settings page and select the 2FA settings tab.

  3. Under the Available Methods section, select the Set up button next to the Security Key option.

  4. Follow the prompts to complete your security key setup.

Passkey

Developed by Apple, Google, Microsoft, and the FIDO Alliance, passkeys use cryptography to generate a unique code that serves as an alternative to traditional password sign-in. They are also user-friendly. Unlike passwords, passkeys are generated on your device and are not shared or stored on any server.

Tip:

  • Set up a passkey on each device that uses a different operating system, such as a Windows laptop, a Mac, or an Android phone.

  • If you store your passkey on Chrome, Cloud/Microsoft/Google Cloud, or a password manager, you can access it from any other device connected to the same storage method.

Web

  1. Sign in to your Coinbase account.

  2. Access the security settings page and select the 2FA settings tab.

  3. Under the Available Methods section, select Passkey, then Add Passkey.

  4. Follow the prompts.

Mobile

  1. Sign in to your Coinbase account.

  2. Select in the top left and select Profile & Settings under your name.

  3. Select the Security tab and select Change security settings (this will open a mobile browser window).

  4. Select Upgrade your two-factor authentication.

  5. Select Passkey and follow the instructions to add your passkey.

Authenticator (TOTP) app

These apps generate a unique, time-sensitive security code, known as a Time-based One-Time Password (TOTP), that you can use to secure your Coinbase account. Coinbase supports Duo and Google Authenticator, which don't require phone reception or internet access once they're set up. Alternatively, any app that supports the TOTP protocol should work, including Microsoft Authenticator.

  1. Download your preferred authenticator app, such as Duo or Google Authenticator, from the app store on your mobile device.

  2. Sign in to your Coinbase account on your desktop browser.

    • Your TOTP authenticator will also require your mobile device to complete verification.

  3. Access the security settings page and select the 2FA settings tab.

  4. Under the Available Methods section, select the Set up button next to the Authenticator app option.

  5. Follow the prompts to complete your authenticator setup.

Coinbase Security Prompt

This verification method delivers push notifications from your active mobile app session to either approve or deny a login attempt that’s made from a different device.

  1. Sign in to your Coinbase account on your desktop browser.

  2. Go to the security settings page and choose the 2FA settings tab.

  3. In the Available Methods section, select the Set up button next to the Security Prompt option.

  4. Follow the prompts to complete your security prompt setup.

  5. After setup, select Security Prompt, and tap the option for push notifications on your Coinbase app.

Make sure you're signed in to your Coinbase mobile app to receive push notifications. If you're not signed in, you'll receive a text message as a backup method. Push notifications will be sent to all devices with an active mobile app session.

For account security, regularly check your account activity page and review it by selecting Mobile Applications under Available Methods.

SMS/Text

This type involves receiving a verification code via text message. However, because it's linked to your phone number, it can make you vulnerable to phone number porting attacks, where an attacker transfers your number to their device and gains control over your 2-step verification codes. SMS is used as your default 2-step verification method, and it's recommended that you set up one of the methods listed above to increase the security of your account.

