Duo and Google Authenticator (TOTP) 2-step verification

What is Duo and Google Authenticator 2-step verification?

Several mobile apps are available that will generate a unique time-sensitive security code (Time-based One-Time Password (TOTP)) that you can use to secure your Coinbase account. Coinbase supports Duo and Google Authenticator, which provide a very secure configuration for 2-step verification and don’t require phone reception or internet access once they're set up. 

You can download Google Authenticator or Duo from your app stores.

These apps generate a one-time code based on two factors:

  • The current date and time on your phone

  • A secret key known only to you and Coinbase

Coinbase shows you a QR code, which represents the secret key, which you'll then need to scan using an Authenticator app on your phone.

Available 2-step verification apps (TOTP)

Several mobile apps are available that will generate a unique time-sensitive security code you can use to secure your Coinbase account. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following:

Note: Coinbase no longer supports Authy. If you're having trouble with Authy, try Google or Duo instead. Enabling an authenticator app will disable SMS code delivery. Disabling your authenticator app will re-enable SMS codes.

How to enable Duo or Google authenticator on Coinbase

Sign in to your Coinbase account using your current email, password and 2-step verification method.

Going through account recovery?

If you are going through account recovery, you must complete this on your desktop web browser; authenticator setup cannot be done via the Coinbase mobile app.

  1. Navigate to the security settings page. 

  2. Under the 'Other Options' section, select the 'Select' button in the Authenticator App box.

  3. Follow the prompts to complete your authenticator setup.

Tip: Sign in to your Coinbase account on your desktop browser (not mobile web browser) as your TOTP authenticator requires your mobile device to complete verification.

Troubleshooting 2-step verification

If you want to use your new mobile device to access Coinbase and still have your old mobile device:

  1. Sign in to your account with your username, password, and 2-step verification code from your old device (if your old device doesn't have internet service, you'll need to connect to trusted wi-fi network)

  2. Go to your Security Settings page

  3. Enter the code from your authenticator app (Note: regenerating your secret key will invalidate your old device tokens)

  4. Scan the new secret key with your new Authenticator app on your new device 

Disable your authenticator:

1. From a computer, sign in to Coinbase using your email address and password.

2. When prompted for a 2-step verification code, select Try another way > Update your authenticator app

  • Note: If you do not get this prompt after logging in, try logging in on an incognito browser or clearing your cache and trying again

3. Follow the rest of the instructions to complete an Account Recovery.

  • Please note that while the pictures of the front and back of your ID can be uploaded from files, the photo of your face will need to be taken live by webcam. This process must be completed through the website and cannot be completed using the mobile app.

  • The account recovery process usually takes 48 hours to complete, but can sometimes take longer. When the recovery process has completed and your account has been verified, you will receive an email confirmation and should be able to log in to update your 2FA method in your account settings. 

  • If you log in from a new device while the review is still in progress, you’ll be required to enter the PIN code you received during the initial account recovery steps. 

  • Once account access has been restored, may be unavailable for 24 hours. After that period, you should have full trading capabilities.

For more information on this, see Regain access to your account.

If you use Google Authenticator or a similar app to generate 2-step verification codes, and no longer have access to your device, you can restore this ability to another device if you saved the secret seed provided when setting up your 2-step verification device. You may have written down this secret seed or saved it to a USB drive.

If you've lost your authentication device and do not have access to the secret seed, please refer to this page for recovery steps.

Originally, to start generating codes you would have scanned a QR code with your phone. The next two sections will show you how to generate these codes from only the secret seed for Google Authenticator and Duo.

When you open Google Authenticator on your mobile device, add a new key by selecting the red plus in the bottom right corner. Select Enter a provided key from the menu that appears.

In the form, fill out the account name with something that describes this account (such as "Coinbase") and type the seed into the field for the key.

3XNrHwch3ppfstFP0HraHP

DUO

Click the add key button in the top right corner of the screen. In the next screen (QR code scanner) click the no barcode button. From there, you can select Coinbase. Enter your Coinbase account email and the Coinbase secret seed in the Account and Key fields.

My codes aren't working

Check that the clock on your device is set to the correct timezone. An incorrect clock can cause codes to be out of sync.

Still can't sign in?

See Regain access to my account