Individuals
Businesses
Developers
Contact us
Go to coinbase.com

What is 2-step verification?

You'll need the mobile device and phone number associated with your Coinbase account in hand in order to successfully complete 2-step verification.

Coinbase offers 2-step verification, known also as 2-factor (2FA) or multifactor authentication, as an added security layer in addition to your username and password.

With 2-step verification enabled on your account, you'll need to provide a unique verification code sent to your phone in addition to your username and password.

Some events that can trigger 2-step verification

  • Sign-in attempt from an unrecognized device

  • Sign-in attempt from a unrecognized phone number

  • Sending crypto out of your Coinbase account

Note: Coinbase no longer supports Authy.

Learn how to troubleshoot 2-step verification issues.

Security Key - Most secure

This is the most secure 2-step verification method as this requires posession of a physical device; an attacker would have to gain physical access to your 2-step verification key and access to your digital information. 

Coinbase supports all WebAuthN / Fido2 standard security keys. An option for a security key is Yubico's yubikey. Learn how to use a security key by visiting our help article Using and Managing Security Keys.

Duo and Google Authenticator (TOTP) - Secure

These are apps that generate a one-time code based on both of these factors: 1) the current date and time on your phone and 2) a secret key known only to you and Coinbase.

Coinbase shows you a QR code, which represents the secret key, which you'll then need to scan using an Authenticator app on your phone.

You can download Google Authenticator or Duo from the app store.

Coinbase Security Prompt - Secure

Coinbase Security Prompt delivers push notifications from your active mobile app session to either approve or deny a login attempt that’s made from a different device (such as web, mobile web, or the mobile app on a different device). This supplementary feature is enabled by default if you’ve chosen text messages (SMS) as your 2-step verification method.

SMS/Text - Least secure

SMS/Text is a phone app authentication or text-based authentication. Since SMS is linked to a phone number, it can leave you susceptible to phone number porting attacks. These types of attacks involve an attacker transferring or "porting" a victim's phone number to a device the attacker controls, effectively taking over the number and associated 2-step verification codes.

footer cta icon

Can't find what you're looking for?

Contact us