What is 2-step verification?
Coinbase offers 2-step verification, known also as 2-factor (2FA) or multifactor authentication, as an added security layer in addition to your username and password.
With 2-step verification enabled on your account, you'll need to provide a unique verification code sent to your phone in addition to your username and password.
Some events that can trigger 2-step verification
- Sign-in attempt from an unrecognized device
- Sign-in attempt from a unrecognized phone number
- Sending crypto out of your Coinbase account
Note: Coinbase no longer supports Authy. Scroll down to the Authy section for further info.
Learn how to troubleshoot 2-step verification issues.
Security Key - Most secure
This is the most secure 2-step verification method as this requires posession of a physical device; an attacker would have to gain physical access to your 2-step verification key and access to your digital information.
Coinbase supports all WebAuthN / Fido2 standard security keys. An option for a security key is Yubico's yubikey. Learn how to use a security key by visiting our help article Using and Managing Security Keys.
Duo and Google Authenticator (TOTP) - Secure
These are apps that generate a one-time code based on both of these factors: 1) the current date and time on your phone and 2) a secret key known only to you and Coinbase.
Coinbase shows you a QR code, which represents the secret key, which you'll then need to scan using an Authenticator app on your phone.
SMS/Text - Least secure
SMS/Text is a phone app authentication or text-based authentication. Since SMS is linked to a phone number, it can leave you susceptible to phone number porting attacks. These types of attacks involve an attacker transferring or "porting" a victim's phone number to a device the attacker controls, effectively taking over the number and associated 2-step verification codes.
Authy (TOTP) - Not Supported
Authy is no longer supported on Coinbase, but these steps will help you disable Authy and add a new authenticator.
Steps for disabling Authy (you will need to verify your identity):
1. Sign in to your Coinbase account using your email address and password.
2. When prompted for your 2-step verification code, select I need help > I can’t access my authenticator app anymore.
3. Follow the rest of the instructions to complete the process (a government-issued ID is required for completion).
If you don't receive a 2-step prompt when signing in, try clearing your browser cache and/or following the above steps in your browser’s private or Incognito mode.
The account recovery process usually takes 48 hours to complete but can sometimes take longer. After 24 hours, you should be able to sign in to your account via SMS verification codes and complete buys and sells. After 48 hours, you should have full trading capabilities restored. For your security, sends will be disabled on your account until the full security period has passed. If you sign in before the security period is complete, you’ll receive a pop-up notification informing you that sends are temporarily disabled.
Was this article helpful?
Thank you for your feedback. What can we do to improve this article?
We’re glad this article was helpful.
Thank you for your feedback.
Thank you for helping us improve Coinbase.
Your feedback is appreciated.