What is 2-step verification?
2-step verification, also known as 2-factor authentication (2FA), is a security layer in addition to your username and password. With 2-step verification enabled on your account, you will have to provide your password (first "factor") and your 2-step verification code (second "factor") when signing in to your account. 2-step verification codes are associated with a specific device (such as your phone) or your phone number.
Security Key - Most secure
This is the most secure 2-step verification method as this utilizes physical devices that cannot be compromised electronically, so an attacker would have to gain physical access to your 2-step verification key and access to your digital information.
Coinbase supports all u2F/WebAuthN standard security keys. An option for a security key is Yubico's yubikey. Learn how to use a security key by visiting our help article Using and Managing Security Keys.
TOTP - Secure
An algorithm that generates a code based on the current time and a secret key known only to you and the online service, in this case Coinbase. Coinbase shows you a QR code, which is a representation of the secret key, which you then scan using an Authenticator app on your mobile device.
Google Authenticator, Duo, and several other authenticator apps allow you to generate TOTP codes using your mobile device or computer. You can download Google Authenticator or Duo from the app store.
SMS/Text - Least secure
SMS/Text is a phone app authentication or text-based authentication. Since SMS is linked to a phone number, it can leave you susceptible to phone number porting attacks. These types of attacks involve an attacker transferring or "porting" a victim's phone number to a device the attacker controls, effectively taking over the number and associated 2-step verification codes.
Was this article helpful?
Thank you for your feedback. What can we do to improve this article?
We’re glad this article was helpful.
Thank you for your feedback.
Thank you for helping us improve Coinbase.
Your feedback is appreciated.