What are the password requirements on Coinbase?
Passwords must be at least 8 characters long and have an estimated offline crack time over 6,000 seconds
We do not enforce arbitrary restrictions on numbers, special characters, or maximum password length
Any passwords longer than 72 characters will be truncated
How do I choose a good password?
Coinbase strongly recommends the use of password manager software, such as 1Password or LastPass. A password manager can generate random, unique passwords for each website you visit. It can also automatically fill in passwords for you and can protect you against phishing attacks.
If you don't want to use a password manager:
Be sure to use a long, random password that is unique to your Coinbase account
Do not reuse passwords from other websites, especially your email account
You can use a passphrase (a sentence or group of words), but do not choose a phrase from a book or a movie as hackers have access to sophisticated databases of such quotes
My password is long and random, why does it have a low crack time?
We check all passwords against password dumps and leaks across the internet. It's possible that your password was found in one of these dumps. We recommend you change your password immediately if this is the case.
Read our complete Password FAQ for more information.
How do I reset my password?
If you forgot or need to reset your password, use these steps:
Visit the Coinbase Password Reset page.
Enter your email address and select reset password.
Check your inbox (and spam folder) for a password reset email from us.
Select the link in the email to open the password reset page.
Create a new password and complete this action.
Once complete, then you should now be able to sign in to Coinbase.
What happens if I reset my password from a new device?
As a security precaution, if you reset your password from a device you have not previously authorized, you may not be able to send crypto from your account for up to 48 hours. To avoid this send restriction, request a password reset from a previously authorized device.