Set up your 2-step verification

For your security, 2-step verification (2FA) is required to access your account.

Recommended 2FA settings

Set up multiple 2FA methods for enhanced security. Having backup methods ensures you can access your account, even if you lose access to one method.

  • Two security keys: Highest security. Use one key as primary and the other as backup.

  • Passkey + security key: Combines Passkey convenience with a security key backup if you lose your phone.

  • Passkey + security prompt: Combines Passkey convenience with a backup option that doesn't require a security key.

Activate 2FA methods

Setup varies by method. Once a 2FA method is set up, you can toggle methods on or off anytime from 2FA Settings.

If one method fails, select Try another way and choose an alternate method.

Security Key

A security key is a physical device that generates one-time passwords. It offers stronger security because credentials aren't stored on networked devices. Coinbase supports Universal Second Factor (U2F) security keys from various vendors.

Tip: Use keys that support mobile browsers, WebAuthN/Fido2 standards, and work on both mobile and hardware devices, like YubiKey.

Security key setup

  1. Sign in to the 2-step verification settings page.

  2. In Available methods, select Set up next to the Security Key option.

  3. Follow the prompts to complete your security key setup.


Passkey

Passkeys use cryptography to create a unique code, replacing traditional passwords. They’re generated on your device and not stored on any server.

Tip: If you store your passkey on Chrome, iCloud/Microsoft/Google Cloud, or a password manager, you can access it from any connected device.

Passkey setup

Web

  1. Sign in to the 2-step verification settings page.

  2. In Available Methods, select Passkey.

  3. Follow the prompts to complete your passkey setup.

Trusted contacts

You can designate at least two trusted contacts to approve account recovery requests. Trusted contacts will receive a notification when their approval is needed. You can choose to require all or a majority of trusted contacts to approve each request.

Keep in mind:

  • Only invite people you know and trust. Anyone asking to be your trusted contact is likely a scammer.

  • Trusted contact approval can be used for account recovery, but not other 2-step verification requests.

  • A trusted contact isn’t the same as an account beneficiary, which is not available on Coinbase.com.

Trusted contact setup

  1. Sign in to the 2-step verification settings page.

  2. In Available Methods, select Set up next to Trusted contacts.

  3. Select Continue and complete 2-step verification.

  4. Select I’m ready.

  5. Enter 2 to 5 trusted contact email addresses and select Send invitation

  6. Share the one-time use code with your trusted contacts. 

    • The code expires in an hour.

You'll get a notification when setup is complete. You can use your trusted contacts 24 hours after setup. At least 2 trusted contacts must complete setup, or you'll need to restart the process.

Authenticator (TOTP) app

Time-based one-time password (TOTP) apps generate unique, time-sensitive security codes. Coinbase supports all authenticator apps, including Duo, Google Authenticator, and Microsoft Authenticator.

  1. Download an authenticator app on your mobile device.

  2. Sign in to the 2-step verification settings page from a web browser.

  3. In Available Methods, select Set up next to Authenticator app.

  4. Follow the prompts to complete the setup, which requires accessing the authenticator app from your mobile device.

Coinbase Security Prompt

Security prompt sends push notifications to your Coinbase mobile app to confirm or deny important account actions.

Note: You must be signed in to the Coinbase mobile app and have notifications enabled on your device. Security prompt notifications are sent as long as the feature is enabled, even if push notifications are paused in the app.

Security prompt setup

  1. Sign in to the 2-step verification settings page.

  2. In Available Methods, select Set up next to Security prompt.

  3. Follow the prompts to complete your security prompt set up.

After setup, select Security Prompt when prompted for 2-step verification. Push notifications will be sent to all devices with an active mobile app session.

To turn off Security prompt, return to the 2-step verification settings page, select Security prompt, and toggle it off.

Note: The security prompt may be turned on automatically if you have an active Coinbase mobile session and notifications enabled.

Text message (SMS)

Text message (SMS) is the default 2-step verification method. It's the least secure option. We recommend adding more methods for better security.

Text message (SMS) setup

  1. Sign in to the 2-step verification settings page.

  2. Toggle the Text message (SMS) option to enable it.

  3. Add a phone number.

  4. Verify the phone number by entering the 6-digit code sent.

Related articles: