Securing Your Crypto With Security Keys and WebAuthN

Since day one, security has been at the heart of Coinbase’s goal to be the most trusted cryptocurrency company in the world. Our Security team is constantly working to ensure our platform is the safest place for you to store your crypto assets. That’s why we’ve spent the past few months rolling out support for U2F (Universal 2nd Factor) security keys to Coinbase and Coinbase Pro traders. While not required for Coinbase accounts, these keys provide an additional security layer making your account even tougher to compromise.

While high-profile attacks on cryptocurrency companies make the biggest headlines, determined attackers know that the vast majority of theft is due to human error. Even the most vigilant security professionals can get fooled by phishing attacks, and phone porting attacks designed to intercept SMS verification codes still occur far too often.

That’s where U2F security keys come in. These tiny hardware tokens contain cryptographic chips that perform the hard work of ensuring that you’re authenticating to the correct website — and that nobody else can authenticate while pretending to be you. While a hacker might be able to intercept your SMS messages and enter a verification code on your behalf, they won’t be able to spoof or verify your security key unless they’re physically holding it. Just how effective are security keys? Google provided security keys to their 85,000 employees and not one of them has been successfully phished since.

Security Keys on Coinbase

Security keys are the gold standard of modern account security, and browser and device manufacturers are still in the process of expanding support for additional devices. To ensure maximum compatibility with as many devices and platforms as possible, we’re rolling out support for security keys gradually — starting with web and then extending to our mobile apps and Login with Coinbase.

You don’t have to wait to start protecting your accounts that support U2F, though. Most security keys will also work out of the box with your Gmail, Facebook, Dropbox, Instagram, Twitter, YouTube, and more. You can add this heightened level of security for your account with the touch of a button, rather than entering 6-digit codes sent to you over SMS or through a smartphone application.

We’re always working to offer the most advanced security features for our customers. When those features are simple to use and set up in seconds, it’s even better. We hope as many people as possible are able to take advantage of security keys to protect their accounts across the web, giving them even more peace of mind when using Coinbase.

Coinbase operates at the forefront of internet security. If you enjoy challenges like making strong security simple and convenient for the next billion crypto users, we’re hiring.

This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.