For your security, 2-step verification (2FA) is required to access your account.
Make sure you have access to the mobile device and phone number connected to your Coinbase account for 2FA. A desktop browser is recommended for 2FA setup.
Recommended 2FA settings
Set up multiple 2FA methods for enhanced security. Having backup methods ensures you can access your account, even if you lose access to one method.
Two security keys: Highest security. Use one key as primary and the other as backup.
Passkey + security key: Combines Passkey convenience with a security key backup if you lose your phone.
Passkey + security prompt: Combines Passkey convenience with a backup option that doesn't require a security key.
Activate 2FA methods
Setup varies by method. Once a 2FA method is set up, you can toggle methods on or off anytime from 2FA Settings.
You should be able to use any enabled method for 2-step verification, but if one fails select Try another way and choose an option.
Security Key
A security key is a physical device that generates one-time passwords. It offers stronger security because credentials aren't stored on networked devices. Coinbase supports Universal Second Factor (U2F) security keys from various vendors. This method requires physical interaction.
Ensure device compatibility with Coinbase and review the device’s terms, conditions, and privacy policy. They may differ from Coinbase’s terms. Coinbase isn't responsible for third-party website content.
Tip: Use keys that support mobile browsers, WebAuthN/Fido2 standards, and work on both mobile and hardware devices, like YubiKey.
Security key setup
Sign in to Coinbase.com from a web browser.
Select the menu icon.
Select Accounts.
Select the Security tab to access the security settings page.
Select the 2FA Settings tab.
In Available Methods, select Setup next to the Security Key option.
Follow the prompts to complete your security key setup.
Enabling a security key turns off previous 2FA methods.
Passkey
Passkeys use cryptography to create a unique code, replacing traditional passwords. They’re generated on your device and not stored on any server.
Tip: Set up a passkey on devices with different operating systems, like a Windows laptop, Mac, or Android phone. If you store your passkey on Chrome, Cloud/Microsoft/Google Cloud, or a password manager, you can access it from any connected device.
Passkey setup
Web
Sign in to Coinbase.com.
Select the menu icon.
Select Accounts.
Select the Security tab to access the security settings page.
Select the 2FA Settings tab.
In Available Methods, select Passkey.
Select Add a backup passkey.
Follow the prompts.
Mobile app
Select the menu icon and choose Account & settings.
Under Security, choose Change security settings.
Select the 2FA Settings tab.
Select Passkey and follow the instructions to add your passkey.
Trusted contacts
You can designate at least two trusted contacts to approve account recovery requests. Trusted contacts will receive a notification when their approval is needed. All trusted contacts must approve each request, or you need to start the process again.
Keep in mind:
Only invite people you know and trust. Anyone asking to be your trusted contact is likely a scammer.
Trusted contact approval doesn’t replace 2-step verification.
A trusted contact isn’t the same as an account beneficiary, which is not available on Coinbase.com.
Tip: We assign code names to your trusted contacts. Remember which code name belongs to each contact.
Trusted contact setup
Sign in to Coinbase.com from a web browser.
Go to the 2FA Settings page.
Select Available Methods.
Select Set up next to Trusted contacts.
Select Continue and complete 2-step verification.
Select I’m ready.
Enter 2 to 3 trusted contact email addresses and select Send invitation.
Share the one-time use code with your trusted contacts.
The code expires in an hour.
You'll get a notification when setup is complete. You can use your trusted contacts 24 hours after setup. At least 2 trusted contacts must complete setup, or you'll need to restart the process.
To remove a trusted contact, select the edit icon by their name and choose Remove contact.
Authenticator (TOTP) app
Time-based one-time password (TOTP) apps generate unique, time-sensitive security codes. Coinbase supports Duo and Google Authenticator. Any app that supports the TOTP protocol, like Microsoft Authenticator, should also work.
Download an authenticator app like Duo or Google from your app store.
Sign in to your Coinbase account using a web browser.
Select the menu icon and choose Accounts.
Select the Security tab to access the security settings page.
Select the 2FA Settings tab.
In Available Methods, select Set up next to Authenticator app.
Follow the prompts to complete your authenticator set up.
Your TOTP authenticator will need your mobile device for verification.
Coinbase Security Prompt
This verification method delivers push notifications from your active mobile app session. You’ll be able to approve or deny a login attempt that’s made from a different device.
Security prompt setup
Sign in to your Coinbase account from a web browser.
Select the menu icon and choose Accounts.
Select the Security tab to access the security settings page.
Select the 2FA Settings tab.
In Available Methods, select Set up next to Security Prompt.
Follow the prompts to complete your security prompt set up.
After setup, select Security Prompt and choose push notifications on the Coinbase app.
Sign in to your Coinbase mobile app to receive push notifications. If you’re not signed in, you'll receive a text message as a backup. Push notifications are sent to all devices with an active mobile app session.
For account security, regularly check your account activity page and review Mobile Applications under Available Methods.
SMS/Text
SMS/Text is the default 2-step verification method. It's the least secure option. We recommend adding more methods for better security.
Related articles: