2FAA.app

How to Enable 2FA on Coinbase

SIM-swap attacks against crypto accounts are the most financially damaging form of 2FA bypass — attackers port your phone number, receive your SMS codes, and drain the account. Moving Coinbase from SMS to an authenticator app closes that door completely.

Quick path: coinbase.com → Settings → Security → 2-step verification → Authenticator

Step-by-step: 2FA setup on Coinbase

  1. 1

    Open Coinbase security settings

    Sign in at https://www.coinbase.com, click your avatar → 'Settings' → 'Security'.

  2. 2

    Change your 2-step verification method

    In the '2-step verification' section, select 'Authenticator' (instead of SMS or the Coinbase Security Prompt).

  3. 3

    Scan the QR code with 2FAA

    Coinbase displays a QR code and a manual setup key. Open 2FAA, scan the code (or paste the key). A 6-digit Coinbase code starts rotating.

  4. 4

    Confirm with the current code

    Enter the active code from 2FAA into Coinbase to finish. From now on, sign-ins and sensitive actions require the authenticator code.

  5. 5

    Remove SMS as a fallback if offered

    Keeping SMS as a backup partially defeats the purpose — an attacker who hijacks your number could downgrade to it. Prefer the authenticator plus securely stored recovery options.

Generate Coinbase 2FA codes with 2FAA

You don't need a separate authenticator app. 2FAA is a free, browser-based TOTP generator — your secret never leaves your device, and it works offline as a PWA. The same secret can be used in parallel with Google Authenticator or Authy if you prefer redundancy.

Open 2FAA AuthenticatorImport from Google Authenticator

Frequently asked questions

Why is authenticator 2FA so important for crypto accounts?

Because crypto transfers are irreversible. SMS codes can be stolen via SIM swapping; TOTP codes are generated locally on your device and never travel over the phone network, so there's nothing to hijack.

Will changing my 2FA method lock my Coinbase withdrawals?

Coinbase may apply a temporary restriction on sending crypto for up to 48 hours after security changes — it's an anti-theft measure. Plan the switch when you don't need to move funds immediately.

Does this also protect Coinbase Wallet?

No. Coinbase Wallet is a separate self-custody app secured by its recovery phrase, not by your Coinbase.com login. 2FA protects your Coinbase.com (exchange) account.

I lost my authenticator — how do I get back into Coinbase?

Use Coinbase's account recovery flow — it requires identity re-verification and can take days. To avoid this entirely, export a backup of your 2FAA secrets when you set up 2FA.

Other 2FA setup guides

Discord 2FAEpic Games / Fortnite 2FARoblox 2FASpotify 2FAPayPal 2FATwitch 2FA