We take careful measures to ensure that your bitcoin is as safe as possible.
Offline storage provides an important security measure against theft or loss.
We distribute bitcoin geographically in safe deposit boxes and vaults around the world.
Sensitive data that would normally reside on our servers is disconnected entirely from the internet.
Data is then split with redundancy, AES-256 encrypted, and copied to FIPS-140 USB drives and paper backups.
Drives and paper backups are distributed geographically in safe deposit boxes and vaults around the world.
In addition to your username and password, you'll enter a code from your mobile phone, adding an extra layer of security for your account.
Our website traffic runs entirely over encrypted SSL (https).
Wallets (and private keys) are stored using AES-256 encryption.
Coinbase employees must pass a criminal background check as part of the hiring process.
We use separate passwords and two-step verification with each device and service.
Employees are required to encrypt their hard drives, utilize strong passwords, and enable screen locking.
We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks.
We rate limit a variety of actions on the site (login attempts, etc).
We whitelist attributes on all models to prevent mass-assignment vulnerabilities.
We hash passwords stored in the database (using bcrypt with a cost factor of 12).
We check for strong passwords on account creation and password reset.
Application credentials are kept separate from the database and code base.
An active community of security researchers helps keep Coinbase customers safe.