Cryptocurrencies have captured everyone’s attention, but that attention has not always included securely storing crypto keys and securely storing crypto passwords. In January of 2021, the New York Times reported that a programmer in San Francisco owned 7,002 Bitcoin that he could not retrieve because he lost the password to his digital wallet.
Protecting your cryptocurrency information involves multiple levels across public and private keys, seed phrases, logins, and passwords to digital wallets. In this post, we cover the basics of securing your Coinbase account, including the use of Coinbase two-factor authentication.
You can immediately take control of your own online security by using a password manager. A password manager helps you create long, complex, random, and unique passwords for every site you visit. This makes a brute force attack impossible in our current lifetimes, and if one site you use were to have a data breach, your other accounts will still be secure. When you are setting up your Coinbase account security, you can generate a secure Coinbase password using a password generator. Perhaps you make it extra long, up to 128 characters. Check out the Bitwarden password generator inside any Bitwarden client, or visit our web-based password generator.
Use this long, complex, random and unique password when setting up your Coinbase account. That password might look like this:
By default Coinbase will ask you to set up two-step authentication (Coinbase uses the term verification) with a telephone number. Once you complete this process, you will have additional two-step authentication options that we detail later in this post.
Coinbase will then ask for the authentication code.
Once you have set up your account, the
Settings > Security options in Coinbase will show you additional 2-step verification options.
Note how the options are ranked by Coinbase
Text message - Moderately secure
Authenticator - Secure
Security key - Very secure
The Settings page even suggests, Tip: For better security, switch to an authenticator app
Following the tip from Coinbase, you can set up an authenticator app as a more secure two-step login mechanism. If you have a Bitwarden Premium Account you can use the built in Bitwarden Authenticator, or use an authenticator like Authy, or Google Authenticator, and many others (Duo, Microsoft, Aegis, FreeOTP, AndOTP).
Since we like enabling two-step login everywhere possible, and we appreciate being able to keep that within Bitwarden, we’ll detail those steps.
NOTE: Many people often ask, if I keep my authentication within my password manager, does that negate the value of two-step authentication? As we noted in this section of our blog post, Basics of two-factor authentication with Bitwarden, the answer depends. Let’s break it down.
Your Bitwarden Vault hopefully already has two-step login using some other method. (ie. do not use the Bitwarden Authenticator to protect your Bitwarden account.) Therefore it is currently protected with a high level of security and, in fact, two-step login.
Having two-step login enabled for websites and applications is always better than not having it enabled. A tighter bundling of two-step login makes it easier to use more frequently, which promotes better security hygiene as a practice.
If you need to share an item, you can share it with two-step login enabled, which, again, is better security practice. This is a collaboration and two-step login power move.
You do not need to remember which authentication app you used, since it is built in.
You can always choose, on an individual basis, which login you want to authenticate internally within the Bitwarden app, or externally using a separate Authenticator app.
Once you choose Select for the Authenticator, you’ll be presented with a dialog to scan a QR code into your authentication app to receive your Temporary One Time Password (TOTP).
Using the Bitwarden application on your mobile phone, you can scan the QR code directly into the application.
Pull up the Coinbase login, tap the Camera icon next to Authenticator Key (TOTP), scan the QR code, and then Save to get your Verification Code (TOTP), a six digit number you can enter into the Coinbase website.
NOTE: Many websites will provide recovery codes as a backup method should you lose your two-factor authentication. However, for Coinbase it appears that they only provide a manual recovery mode if that occurs. So you will want to be certain to save your Authenticator Key into an app that provides the ability to backup and recover your codes. Authy, Google, Microsoft and Bitwarden provide such options.
Congratulations! You are now more secure than using text messages for two-factor verification! However, note that upon completion of adding the authenticator app, Coinbase now suggests, “Tip: For the strongest 2-step verification security, consider upgrading to a security key.”
Security keys provide long, random, complex, and unique identification keys baked into a hardware device, typically USB. You can add multiple security keys to Coinbase to provide redundancy.
Of course, one of the reasons to use a security key is to maintain a physical device. And while you do not store this within Bitwarden, you can keep notes within the Login, or within a separate Secure Note, to help you remember which keys are used for which services. Here of course you would want to use a system that is easy for you to remember and understand and perhaps not be simple for anyone else to figure out.
Whether for Coinbase or other important online accounts, if you have not already started, get yourself a password manager today. Quickly sign up for a free Bitwarden account, or register for a 7-day free trial of our business plans so your business and team can stay safe online.
Editor's Note: This article was originally written on August 3rd, 2021 and was updated on September 30th, 2022.