Whoops

Please refresh the page and try again

Individuals
Businesses
Developers
Contact us
Go to coinbase.com

What is 2-step verification?

You'll need the mobile device and phone number associated with your Coinbase account in hand in order to successfully complete 2-step verification.

Coinbase offers 2-step verification, known also as 2-factor (2FA) or multifactor authentication, as an added security layer in addition to your username and password.

With 2-step verification enabled on your account, you'll need to provide a unique verification code sent to your phone in addition to your username and password.

Some events that can trigger 2-step verification

  • Sign-in attempt from an unrecognized device
  • Sign-in attempt from a unrecognized phone number
  • Sending crypto out of your Coinbase account

Note: Coinbase no longer supports Authy. Scroll down to the Authy section for further info.

Learn how to troubleshoot 2-step verification issues.

Security Key - Most secure

This is the most secure 2-step verification method as this requires posession of a physical device; an attacker would have to gain physical access to your 2-step verification key and access to your digital information. 

Coinbase supports all WebAuthN / Fido2 standard security keys. An option for a security key is Yubico's yubikey. Learn how to use a security key by visiting our help article Using and Managing Security Keys

Duo and Google Authenticator (TOTP) - Secure

These are apps that generate a one-time code based on both of these factors: 1) the current date and time on your phone and 2) a secret key known only to you and Coinbase.

Coinbase shows you a QR code, which represents the secret key, which you'll then need to scan using an Authenticator app on your phone.

You can download Google Authenticator or Duo from the app store. 

SMS/Text - Least secure

SMS/Text is a phone app authentication or text-based authentication. Since SMS is linked to a phone number, it can leave you susceptible to phone number porting attacks. These types of attacks involve an attacker transferring or "porting" a victim's phone number to a device the attacker controls, effectively taking over the number and associated 2-step verification codes.

Can’t find what you’re looking for?

Contact us