in

2FA: Know this before you use a physical security key on Coinbase!

I wanted to share my experience with customer support and a physical security key issue. My yubikey nano was starting to show some wear and tear before a recent vacation and then broke off my keychain and was lost. I have no reason to believe I was the victim of any sort of hacking or malicious behavior.

I contacted coinbase support via their help system to regain access to my account and was promptly sent an automated message telling me to setup a dummy account and verify my identity again with my drivers license and a selfie with the date. I did this immediately and then received no response from support. I had a large account and it is now two weeks later with no update from coinbase as to the status of regaining access to my account. **I have been sending emails to the support thread and getting no response.**

Coinbase *explicitly suggests using physical security keys* as the **most secure way** of protecting your account — this is why I got a yubikey. However, they do not advertise that if your key breaks, or is lost, you may not have access to your account for an indefinite amount of time. They do not clearly state that there is no one to call or chat with other than through an email response system that generates (so far as I can tell) entirely automated responses. I’m very disappointed with support so far and this is after really liking the coinbase product and services. I never imagined a public company this big and that has focused so much on security and “knowing the customer” would have this poor of customer service for a very standard type of problem.

**I still think physical security keys are extremely important,** ***but if you use them on Coinbase,*** I think it is absolutely essential that you buy multiple physical security keys for your account and keep at least one of them in a backup “secure” location like a safe or some other safe place in your home. Coinbase will not respond promptly to your requests and if you need to access your funds for some reason and have lost or broken your physical security key you may not have access to your account for weeks.

What do you think?

10 Points
Upvote Downvote

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

5 Comments

  1. I know you’ve been getting no response, but one thing to take from this is actually that while from a security aspect it’s next to impossible to actually hack a Yubikey or at least realistically hack them to gain access to your account, **the easiest way in is almost always the customer service / social engineering route.**

    So TOTP and Yubikeys may be safe from SIM swapping, but what almost every user forgets is that there’s always a fallback for people who lose devices, break devices, etc, and that’s going to be the weak point of every account.

    This is why while I think having a strong 2FA is important, it is equally if not more important to have a strong password. Way too many people are reusing passwords, using weak passwords, etc. If you’re not using a unique, strong, randomly generated password for Coinbase, you need to stay out of exchanges. Get a password manager already.

  2. This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly.

    If you have a case number for your support request please respond to this message with that case number.

    You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators.

    *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*

  3. “Coinbase explicitly suggests using physical security keys as the most secure way of protecting your account — this is why I got a yubikey. However, they do not advertise that if your key breaks, or is lost, you may not have access to your account for an indefinite amount of time”

    They don’t need to. It’s obvious. What are you not comprehending about the key metaphor? How about this:

    “People say to use a key to lock your door. But what nobody warns you is that if you lose your key, you can’t open your door.”

    No?

ULTI ARENA | Pre-Sale 4 Has Started | UI Prototype Ready | Doxed Devs | Frequent AMA’s | Proof Of Gaming Concept | Whitepaper | BSC Times Partnership | Audited Twice | Entering Asian Market | Youtube Teaser Video | ShuftiPro KYC

Hello guy, my funds were stolen, I need to clarify some things first