Coinbase Logo

Introducing Passkeys: A Safer and Easier Way to Sign in to Coinbase

TL;DR: Coinbase prioritizes the security of our users. We are excited to introduce Sign in with Passkey, a more secure and convenient optional alternative to the traditional email, password, and 2FA login method.

By Joe Biesemeyer

Product

, April 26, 2024

Coinbase Blog

What are passkeys?

Passkeys are a new type of login method developed by Apple, Google, Microsoft and the FIDO Alliance to make online accounts more secure and easier to access. Instead of relying on a password of letters, numbers, and symbols, passkeys use cryptography to randomly generate a unique code. Unlike passwords, which can be easily forgotten, guessed, or stolen, passkeys are generated on your device and are not shared or stored on any server. The public key is stored securely on Coinbase servers, while the private key is securely stored on your device, protected by your device's native authentication method, such as biometrics (e.g., Face ID or fingerprint) or a PIN.

Why should you use a passkey? Passkeys offer better security:

  1. Passkeys cannot be reused, guessed or cracked, which solves attackers identifying your password from third-party data breaches and resolves the possibility of attackers guessing your password password enumeration. 

  2. Passkeys are resistant to phishing attacks with built-in proximity detection features. This means that the device you use to sign in must be in close proximity to the device that holds your passkey, adding an extra layer of protection against phishing.

  3. Passkeys are designed to be used only on specific websites. When you use a passkey, it checks the domain of the website you're trying to access and compares it to the intended domain. This helps protect you from logging in to fake or malicious websites.  

  4. Passkeys can be stored on your personal devices, like your computer or phone, which minimizes the risk of an attacker gaining remote access to your passkey or account. 

Passkeys are faster and easier than email and password:

  1. You can sign in using the biometrics stored on your device.

  2. You don’t need to remember multiple passwords across multiple websites.

  3. You can set up multiple passkeys, so you aren’t locked out if you lose access to your device or your phone number.

How do I set up a passkey on Coinbase? Web

  1. Sign in to your Coinbase account.

  2. Access the security settings page and select the 2FA settings tab.

  3. Under the Available Methods section, select Passkey, then Add Passkey.

  4. Follow the prompts.

Mobile

  1. Sign in to your Coinbase account.

  2. Select the nine-dot button in the top left of your app and click “Profile & Settings” under your name.

  3. Select the Security tab and select “Change security settings”.

  4. Select Upgrade your two-factor authentication.

  5. Select Passkey and follow the instructions to add your passkey.

Remember, passkeys provide an additional layer of security, but it's important to stay vigilant and follow best practices to keep your passkey and Coinbase account secure. Your passkeys are only as safe as where you store them, so be sure to keep them in a safe place. In addition, your account is only as safe as the weakest login method, so be sure to also upgrade to our most secure 2-factor options after setting up your passkeys.

For best practices on keeping your assets secure, visit our help page.

Coinbase logo