Do I need a Security Key?

[Gateway Pundit]

Hi,

   I recently signed up for coinbase pro that i use on my laptop and phone. When in the coinbase site it says a security key is best. Do i need to get one, like off amazon? Is this necessary?  Thanks.

[RickDeckard]

Hello Gateway Pundit, welcome to bitcointalk.

First of all, I don't think the subject of this thread is appropriated for this section - I've asked a mod to move it over to here -> https://bitcointalk.org/index.php?board=223.0

Secondly, if we go over to Coinbase FAQ section regarding Security keys[1], we find the following definition:

A security key is a physical hardware authentication device designed to authenticate access through one-time-password generation. Coinbase supports Universal Second Factor (U2F) security keys.

What Coinbase is saying to you is that in order to have more security in your account you should set up /activate 2-Step Verification - this is basically another layer of security to your account that makes you enter a code ( of which only you know) generated by a 2FA app/device whenever you need to make changes / buy / sell orders within your account. In this case (Security Key) we're talking about you be in the possession of a physical device in order to validate your orders / changes - if your account gets compromised the hacker wouldn't be able to do anything because he/she wouldn't have access to your physical device.

While they don't state what devices support this kind of security (U2F) by searching on the web it seems that newer models of Yubico[2] already support U2F (amongst many others). You also have Thetis[3] and Google Titan[4] - even though I try my best to stay away from Google products.

If you don't want to spend extra money in these devices, you could go for the 2nd best solution - TOTP apps. These apps basically generate you a code based on a QR code that Coinbase generates for you (which has your secret key that will be used to generate the codes provided by your TOTP app). Then you basically just need to enter that number whenever Coinbase asks you for it and you're good to go! Regarding this solution I can only recommend FOSS apps - either andOTP[5] or Aegis Authenticator[6]
[1]https://help.coinbase.com/en/coinbase/getting-started/verify-my-account/security-keys-faq
[2]https://www.yubico.com/gb/store/
[3]https://thetis.io/products/thetis-ble-u2f-security-key?variant=18870429188169
[4]https://cloud.google.com/titan-security-key
[5]https://github.com/andOTP/andOTP
[6]https://getaegis.app/

[Gateway Pundit]

ok thanks alot. i seen that coinbase recommends the yubico ones. i think its about $45 on amazon. i only have a grand in my trading account. should i get it you think? would i need it for both laptop and phone? i dont see how it would plug into phone since connections are different.

[RickDeckard]

ok thanks alot. i seen that coinbase recommends the yubico ones. i think its about $45 on amazon. i only have a grand in my trading account. should i get it you think? would i need it for both laptop and phone? i dont see how it would plug into phone since connections are different.

In that case I believe that in order to work in a phone you would have to get the NFC version - https://www.yubico.com/gb/product/yubikey-5-nfc/.
Regarding your investment I really recommend you never disclose how much you hold - for your own safety. And regarding your question I always recommend 2FA whenever it's available - it's another layer of security that makes your account be more secure and I think that is never a downside. The people that I know mainly use TOTP apps (such as andOTP) but you'll find good security as well in the Yubico solution.

[BitMaxz]

should i get it you think? would i need it for both laptop and phone? i dont see how it would plug into phone since connections are different.

Yes, they have different connectors it won't fit with your phone that is why you will need a micro USB to OTG cable to use Yubikey with your phone.

However, using the 2FA or SMS authentication is fine as long as you have a backup of secret keys for future recovery.

[Gateway Pundit]

should i get it you think? would i need it for both laptop and phone? i dont see how it would plug into phone since connections are different.

Yes, they have different connectors it won't fit with your phone that is why you will need a micro USB to OTG cable to use Yubikey with your phone.

However, using the 2FA or SMS authentication is fine as long as you have a backup of secret keys for future recovery.

hey what does this part mean? how do i get a "backup of secret keys"?

thanks!

[BitMaxz]

hey what does this part mean? how do i get a "backup of secret keys"?

thanks!

It is a code(secret key) generated from Coinbase that you can get when enabling the 2FA/TOTP from your account. So you will need a Google authenticator installed on PC or on your phone and add the secret key to your Google authenticator. Make sure you have a backup copy of that.

It would be better to read the guide from the Coinbase pro help page below to know how to set up 2FA.

Read under TOTP
- https://help.coinbase.com/en/pro/getting-started/authentication-and-verification/how-do-i-set-up-2-factor-authentication

For SMS, you will only receive a text with a code for verification that you will need when adding SMS verification from your account.