Home » Multi-Factor Authentication » Security Keys » Coinbase Security: How to Use YubiKey

Coinbase Security: How to Use YubiKey


Table of Contents

Securing a Coinbase account using the YubiKey security key should be a priority for anyone using the platform, even if you don’t actively invest or hold any funds. With the increased popularity of cryptocurrency, the threat of account takeover is even more real. The inadequate security measures have already affected thousands of Coinbase customers resulting in unauthorized third party gaining access to their accounts.

Setup the YubiKey with Coinbase by visiting your Security options under your profile settings. Select Security Key and follow the instructions on the screen. Make sure to register two YubiKeys and keep the spare one in a safe place as a backup option.

Between March and May 2021, 6000 Coinbase customers received an email notifying them that they were victims of a third-party campaign to gain unauthorized access to their accounts, which resulted in the loss of any funds located on that account.

The email titled “Unauthorized Access to Your Coinbase Account” describes how the attackers took advantage of the now fixed flow in Coinbase’s SMS Account Recovery process, which, combined with the knowledge of personal details of the account owner, led to the disaster.

It is not clear how the attackers gained detailed knowledge about the Coinbase account owner’s password, phone number, or email, but the suspicion is that the phishing attacks led to the disclosure of this data by the user himself.

All affected accounts were secured with the SMS-based Two-Factor Authentication method. However, the SMS-based Two-Factor Authentication is now widely considered as unsafe and, as such, should be avoided in favor of more secure authentication using time-based-one-time passwords (TOTP) via Authenticator apps like Google Authenticator or by using the Security Key like YubiKey.

Although Coinbase offered a full refund to all affected users, that does not change the fact that you should stop using the SMS-based Two-Factor Authentication and opt for more secure options like YubiKey Security Key or an Authenticator app.

You may also like: Google Authenticator vs. Microsoft Authenticator – Which one is better?

How to setup YubiKey with Coinbase?

Securing your Coinbase account with YubiKey takes only a few minutes, and it will give you peace of mind that you have used the best and most secure method of authentication currently available.

1) Click Settings under your Coinbase profile.

Click the Settings option under your profile user icon at the top right corner of the browser window.

Coinbase settings options button
Coinbase account settings.

2) Click the Security tab.

Make sure that your primary phone number is up to date. Having your phone number correct is crucial if you ever need to contact Coinbase support to help with account recovery.

Security section button.
Security section.

3) Make sure to have your YubiKey ready.

Don’t worry if you currently have a Text message or Authenticator option selected as your primary authentication method. Once you finish, the YubiKey will become the primary authentication method, and other options will automatically be disabled.

Many online services allow you to register at least two types of authentication methods at once.

For example, you can have the YubiKey configured as your primary authentication method and the option to authenticate using the TOTP codes generated by the Authenticator app like Google Authenticator.

The idea is that if you lose your YubiKey, for example, you will have a fallback option and still be able to log in using the TOTP codes generated by your authenticator app.

However, Coinbase does not offer a fallback option if you lose your YubiKey.

Therefore, it is essential that if you choose to secure your Coinbase account with YubiKey, make sure to buy two devices and register them both while keeping the spare one in a safe place at home.

I would recommend my personal favorite YubiKey 5C NFC, a very versatile Security Key with the latest USB-C and NFC technology, allowing you to use it with your NFC-enabled devices just by tapping it.

If you are an Apple user, the YubiKey 5Ci is the best next choice, in my opinion. Although it lacks NFC connectivity, it has a dual connector with support for USB-C and Lightning.

And finally, if you are unsure which one to select, then take the Yubico quiz, which will help you choose the best option.

4) Press the Select button next to the Security Key option.

Adding Security Key in Coinbase.
Option to register a security key in a Coinbase account.

5) Press Continue.

Coinbase Security ?Key registration continue button.
Security key registration dialog window.

6) Read the Security Key restrictions note.

During the YubiKey setup, Coinbase will display a note about potential Security Key restrictions you may encounter when using the Coinbase Pro mobile app.

It will also warn you about using incompatible browsers and the possibility of breaking support for 3rd-party applications which were connected to your Coinbase account.

Press the ‘I understand’ button to continue if you are happy with the restrictions.

Continue YubiKey registration.
List of restrictions for securing the Coinbase and Coinbase Pro account with YubiKey Security Key.

7) Confirm settings change with current 2FA method.

Suppose you had another type of Two-Factor Authentication configured before. In that case, you might need to confirm the settings change by retyping the code sent to you via SMS message or the code generated by the Authenticator app.

Press ‘Confirm’ when ready to continue.

2FA code request in Coinbase.
2FA verification dialog window.

8) Insert your YubiKey to begin registration.

Insert your primary YubiKey into the free USB port and press ‘Begin registration’.

Insert your Security Key prompt dialog.
Security key registration window.

9) Confirm Window Security Key setup.

Security key setup dialog window.
Windows security prompt for security key setup.

10) Type the Security Key PIN code.

Type your YubiKey Security Key PIN code if you have ever set one.

Security Key pin request dialog.
YubiKey PIN confirmation.

11) Touch your YubiKey Security Key.

Your YubiKey should now start flashing, indicating that you need to touch the pad to complete the registration process.

Touch your security key dialog.
Request to touch the YubiKey to finalize the registration.
My YubiKey gold disk flashing yellow
A touch sensor on my YubiKey 5C NFC.
Coinbase security key registration successful.
Confirmation of the completed security key registration in the Coinbase account.

12) Coinbase account secured with the YubiKey.

You should now be able to see the Security Key option under the Current section indicating that your Coinbase account is now secured with the YubiKey.

Completed setup of the security key.
Security Key management option in the Coinbase account.

Adding a second Yubikey.

1) Add your spare YubiKey as a backup.

Even Coinbase suggests adding a second Security Key as a backup option.

Press ‘Manage’ next to the Security Key section to add your spare YubiKey.

Manage security key in Coinbase account.
Adding a second security key as a backup option.

2) Press Add another security key button.

At that stage, you can either Remove or Rename your existing security key or add another one that will be used as a backup option if you lose your primary YubiKey.

Press ‘Add another security key’ to continue.

Add another security key to the Coinbase account.
Option to add a second YubiKey.

Do not remove your first Security Key until asked, as the process requires authentication before you can add another key.

Then, make sure to remove your primary key and insert the spare one before registration.

Follow the steps as before to register the second key.

When finished, you should be able to see both keys under the Manage Security Keys section.

Two YubiKey security keys registered in Coinbase.
Two YubiKeys were added to the Coinbase account.

From now on, you will log in to your Coinbase account by using your credentials and your YubiKey.

Which YubiKey works with Coinbase?

Although I don’t own all the YubiKey types, I own four most recent USB-C models, and I can confirm that they all work with Coinbase.

I would recommend my personal favorite YubiKey 5C NFC, a very versatile Security Key with the latest USB-C and NFC technology, allowing you to use it with your NFC-enabled devices just by tapping it.

If you are an Apple user, the YubiKey 5Ci is the best next choice, in my opinion, which according to the works-with-yubiKey catalog, should also work with Coinbase.

If you decide to secure your Coinbase account with Security Key, read about the restrictions that will apply when using this technology.

Continue YubiKey registration.
Security Key restrictions when used with Coinbase account.

YubiKey 5C NFC.

This is my favorite YubiKey so far, which is compatible with Coinbase.

The YubiKey 5C NFC, as the name suggests, offers NFC connectivity which means that you can use the security key with NFC-enabled devices.

An image of the YubiKey 5C NFC.
My YubiKey 5C NFC.

Check the latest price of the YubiKey 5C NFC by visiting the Yubico shop.

YubiKey C Bio Fido Edition.

The YubiKey C Bio is the latest model of the YubiKey series. It offers biometric authentication using fingerprint recognition and passwordless login.

Image of the YubiKey C Bio Fido Edition.
My YubiKey C Bio Fido Edition.

Check the latest price of the YubiKey C Bio Fido Edition by visiting the Yubico shop.

YubiKey 5C.

YubiKey 5C is a simple security key with a USB-C and small size factor.

Image of the YubiKey 5C.
My YubiKey 5C.

Check the latest price of the YubiKey 5C by visiting the Yubico shop.

YubiKey 5C Nano.

The YubiKey 5C Nano is perfect for mobile devices like your laptop. It is tiny, and it will fit perfectly on the side of your laptop.

Image of the YubiKey 5C Nano.
My YubiKey 5C Nano.

Check the latest price of the YubiKey 5C Nano by visiting the Yubico shop.

Do you need two YubiKeys?

Although you can register only one YubiKey with Coinbase, it is highly advisable to register a second one. The second YubiKey will act as a backup option in case you lose your primary YubiKey security key.

Keep your spare YubiKey in a safe location at home.

Does YubiKey work with Coinbase Pro?

Both Coinbase and Coinbase Pro are secured using the same account credentials. If you secure your Coinbase account with YubiKey, you will automatically secure your Coinbase Pro account with the same type of authentication.

Keep in mind that as of writing this article, the Coinbase Pro mobile app does not support security keys yet, so you won’t be able to sign in to it if you add the security key.

My Favorite Software and Hardware.

I appreciate your visit to my blog. I trust that you found the information helpful. To help you further, I'd like to share the software and hardware that I personally use and find valuable. These links are affiliated, meaning that if you make a purchase, I will receive a small commission without any additional cost to you. For more details, please refer to my Disclosure. To be transparent, the software listed is what I have installed on my computer, and the hardware mentioned is what I use to secure my online accounts and store my passwords.

1Password Manager - After three years of use, I can confidently say that 1Password is the best password manager available. Its user-friendly design and robust security features make managing your passwords and personal information a breeze. If you're interested in trying it, head to the 1Password website, where you can start a free trial or take advantage of the latest deals. I assure you, you won't regret switching to 1Password.

YubiKey Security Key - Enhance the security of your digital assets with a hardware authentication device, and I suggest the Yubikey 5C NFC. This is the device I personally use, and it provides additional convenience through its NFC compatibility with your phone. If you're an Apple user, the YubiKey 5Ci is a solid choice and my go-to recommendation.