Siyu Liu, Senior Product Manager; Chetan Rane, Product Manager
Tl;Dr: We are excited to introduce the Coinbase Security Prompt: a faster and safer way for our users to verify their identity & activities when interacting with the Coinbase ecosystem.
At Coinbase, we believe that our users need to have access to the best security possible without sacrificing ease and convenience. Providing a safe, secure, and easy-to-use platform that users trust is our continuous commitment to all of our current and future customers. That’s why, we require all Coinbase accounts to use 2-Factor Authentication (2FA). 2FA is a security layer on top of username and password. Accounts with 2FA enabled require users to provide their password (first “factor”) and a 2FA code (second “factor”) when signing in. While Coinbase offers both hardware key and authenticator app support on both web and mobile for 2FA, many customers appreciate the convenience of SMS.
Thinking about that, we’re now going one step further in keeping our users’ accounts secure via Coinbase Security Prompt, a simpler, faster and safer 2FA method that improves overall account security. How? Instead of sending an SMS code, the new Coinbase Security Prompt sends users a push notification to their Coinbase mobile app, asking if they are trying to sign in. Now with Coinbase Security Prompts, users can authenticate a login action with a simple tap on their phone:
Our customers will automatically have a stronger security without losing the ease and convenience of using their phones, from anywhere. Security Prompt is resilient against SIM Swap attacks by removing the mobile carrier as an intermediary from the authentication process. It also reduces the risk of phishing attacks by providing detailed information about where the request is coming from, such as the location or browser type.
Starting in July through the rest of 2022, all of our eligible* users will gradually start to be automatically enrolled to complete their 2FA via Security Prompts. Users who are still receiving SMS codes as their 2FA method can get access to Coinbase Security Prompts by downloading the Coinbase app.
*Eligible users are those who have an active mobile login session, trying to login from a second device and are using our latest Coinbase app version.