Question about managing authenticator on coinbase.com

[6erth6rind6ain]

Ok, as as newbie to coinbase and crypto in general, I was exploring the settings while logged into my account at coinbase.com.

When I clicked on the Security tab, I noticed a box that is titled "Authenticator" and a button to click next to it titled "manage".

I clicked on "manage" and a small popup window opened up with two options: Change Device and Disable

I have no idea what this means, but I discovered that no matter which of those two options, I get another popup window that
at the top says "Confirm settings change"

Uncer that it says, "2-step verification This extra step is to make sure it's reall you trying to change settings"

And under that I have instructions to enter something called "your 2-step verification code".

I don't recall creating 2-step verification code. I remember when I first created my account, I wrote down my email and password to sign into the account, and I remember a code that was sent to my phone (and sms code) to continue creating the account, but that's it.

It's now asking me to enter my 2-step verification code, but I don't have one as far as I know.

What do I go from here?

I tried looking for information on what to do next on coinbase help but got nothing.

[1715491872]

1715491872

[1715491872]

1715491872

[o_e_l_e_o]

Coinbase has 3 options which you can use for 2FA: https://help.coinbase.com/en/coinbase/getting-started/verify-my-account/how-do-i-set-up-2-factor-authentication

These are hardware security keys, time based one time passwords (TOTP) which are usually provided via authenticator apps on phones, and SMS messages. You would know if you have ever bought a hardware security key or downloaded and set up an authenticator app. If you don't remember doing either of these things, then you must be using SMS, which would be in keeping with them sending a code to your phone when you first set up your account. The code they are asking for now should again be sent to your phone. Check the phone number in your account is correct.

For future reference, SMS is the least secure method of 2FA. You should look in to updating to an open source 2FA app such as Aegis.

[6erth6rind6ain]

Coinbase has 3 options which you can use for 2FA: https://help.coinbase.com/en/coinbase/getting-started/verify-my-account/how-do-i-set-up-2-factor-authentication

These are hardware security keys, time based one time passwords (TOTP) which are usually provided via authenticator apps on phones, and SMS messages. You would know if you have ever bought a hardware security key or downloaded and set up an authenticator app. If you don't remember doing either of these things, then you must be using SMS, which would be in keeping with them sending a code to your phone when you first set up your account. The code they are asking for now should again be sent to your phone. Check the phone number in your account is correct.

For future reference, SMS is the least secure method of 2FA. You should look in to updating to an open source 2FA app such as Aegis.

Ok, thanks. One thing that's confusing here is that I checked and it does have the correct phone number verified. At least it shows the last two correct numbers, and I remember verifying my phone number via SMS. ...but I'm not getting a code sent to me when prompted to enter a 2-step verification code.

[Upgrade00]

I believe the SMS verification is standard procedure when setting up a new account, and it is used when sending coins out or confirming transactions. 2FA on the other hand needs to be set up manually for it to be in place.
You could think back whether you or someone else with access to the account could have set up 2FA, if you cannot remember this information, then try messaging thir support service for further assistance.

[BitMaxz]

Ok, thanks. One thing that's confusing here is that I checked and it does have the correct phone number verified. At least it shows the last two correct numbers, and I remember verifying my phone number via SMS. ...but I'm not getting a code sent to me when prompted to enter a 2-step verification code.

Have you requested the 2FA code many times? Maybe you've been blocked for 24 hours to receive the 2FA SMS code you will need to wait for 24 hours to request a new 2FA SMS code.

Or if you are using the Coinbase app try to check the app first if it's updated or not. If not, then it's a bug you will need to update it to the latest version to fix this issue.

If all of the suggestion above doesn't work your last option is to contact them from here "Contact us"

Just added this "2-step verification troubleshooting guide"

[6erth6rind6ain]

honestly, I think I may have set it up and forgot about it.

either way, for some reason now, when I go to coinbase.com on my brave browser I don't automatically sign in anymore and can't sign in because of this authenticator issue.

but when I go to coinbase.com on my google chrome browser it automatically logs me in. Also, when I boot up my coinbase app on my phone, it automatically logs me in. However, when trying to login using my brave browser, I did click on some troubleshooting links due to not getting an authenticator code texted to me and now I'm waiting 72 hours for an email from coinbase. My account is in a 72 hour recovery process, though I can still log into it via my coinbase app on my phone or through my google chrome browser.

so despite all of this, I can still access my account via google chrome browser or the coinbase app on my phone, just as long as I don't ever manually logout on my google chrome browser or my coinbase app.

[CryptocurencyKing]

The 2-step verification process is an extra security and its advised you use it when dealing with a non custodian wallet like the once you have in exchanges. It gives you extra security against hacks not based on the exchange itself. The 2 step verification comes in several forms which encompasses phone number, mail and its got an app. All methods are good, as they work with creditials that are readily with you. I personally like using te authenticator app, it generates the OTP at random intervals, all you've got to do is have it synchronised with your account and time zone and your all set.

[6erth6rind6ain]

thanks. I was able to figure out what's going on. When I was exploring my security settings I saw an option to add an extra layer of security. It was the 2 step authenticator security feature. What I didn't understand was that I was going to have to download an app called google authenticator. I just used a youtube tutorial to help me learn how to setup that app, activiate that feature on my email settings, etc. I now got that app connected to my email account that's connected to my coinbase account, and this app is generating random sets of numbers every few minutes.

I went back to coinbase.com, tried to log in, and was prompted to enter the autenticator code, only for the codes not working.

I got an email back from coinbase support letting me know that I'm in that 72 hour period where my 2-step authentication is being reset.

So maybe that's why my codes are not working? This was a pain in the butt to figure out but I've made progress. I've gone from 'not knowing why I'm not getting codes via text message', to 'not knowing how to get the codes' via authenticator, to 'the codes not working'...and possibly because I'm waiting for the 2-step thingy to be reset.

So I guess I just got to wait out the 72 hour period.

But after that, am I correct to understand now that the way I login to coinbase is:

1. input email and coinbase password
2. input one of the randomly generated numbers in my google authenticator app on my iphone
3. then I'll be let into my account?

[o_e_l_e_o]

1. input email and coinbase password
2. input one of the randomly generated numbers in my google authenticator app on my iphone
3. then I'll be let into my account?

It's not a case of inputting any set of numbers that the Google Authenticator app generates. You have to enter a set specifically generated for Coinbase.

At some point in setting up the 2FA on your Coinbase account, you will be shown a QR code which you must scan with your Google Authenticator app. Once you do this, your app will generate a new 6 digit code every 30 seconds which is specific for Coinbase. When Coinbase asks for your 2FA code, you enter those Coinbase-specific 6 digits.

When you sign up to other websites, exchanges, etc., and activate 2FA on them, again they will show you a QR code which you scan with the Google Authenticator app, and it will also generate codes specific for those websites. Each website has its own specific code at any given time.

[6erth6rind6ain]

1. input email and coinbase password
2. input one of the randomly generated numbers in my google authenticator app on my iphone
3. then I'll be let into my account?

It's not a case of inputting any set of numbers that the Google Authenticator app generates. You have to enter a set specifically generated for Coinbase.

At some point in setting up the 2FA on your Coinbase account, you will be shown a QR code which you must scan with your Google Authenticator app. Once you do this, your app will generate a new 6 digit code every 30 seconds which is specific for Coinbase. When Coinbase asks for your 2FA code, you enter those Coinbase-specific 6 digits.

When you sign up to other websites, exchanges, etc., and activate 2FA on them, again they will show you a QR code which you scan with the Google Authenticator app, and it will also generate codes specific for those websites. Each website has its own specific code at any given time.

Interesting. Ok, yeah I remember it showing me that code. but I didn't understand it, which I guess is what I didn't specifically remember that until I read your reply. When coinbase originally showed me that code I didn't know google authenticator even existed, and therefore set my whole ordeal in motion lol. 

[6erth6rind6ain]

Well the 3 day waiting period is over and my authenticator was reset. I was able to use the google authenticator app on my phone and it's all fixed. I can logout/login as many times as I want on my brave browser and don't have any issues. 

[o_e_l_e_o]

Good stuff, glad you got it fixed!

What you need to do now is go through the process of backing up your 2FA codes, so you do not lose access to your Coinbase account or any other accounts you are using 2FA with should your phone get lost, damaged, stolen, or in one user's case that I saw, his phone auto-updated and wiped his 2FA app. There are some 2FA apps such as Aegis which allow you to export your database, but unfortunately Google Authenticator does not allow you to do this.

What you should be able to do is to choose to duplicate your 2FA on a second device (such as an old phone or tablet which never leaves your house). Even better, during the 2FA set up it should show you a long string of characters along with the QR code which you scanned with your 2FA - simply write down and keep safe this string of characters, and you can use them to recover your 2FA should you lose access to your phone.

[6erth6rind6ain]

Good stuff, glad you got it fixed!

What you need to do now is go through the process of backing up your 2FA codes, so you do not lose access to your Coinbase account or any other accounts you are using 2FA with should your phone get lost, damaged, stolen, or in one user's case that I saw, his phone auto-updated and wiped his 2FA app. There are some 2FA apps such as Aegis which allow you to export your database, but unfortunately Google Authenticator does not allow you to do this.

What you should be able to do is to choose to duplicate your 2FA on a second device (such as an old phone or tablet which never leaves your house). Even better, during the 2FA set up it should show you a long string of characters along with the QR code which you scanned with your 2FA - simply write down and keep safe this string of characters, and you can use them to recover your 2FA should you lose access to your phone.

nice, thanks for telling me that. will do

[6erth6rind6ain]

Good stuff, glad you got it fixed!

What you need to do now is go through the process of backing up your 2FA codes, so you do not lose access to your Coinbase account or any other accounts you are using 2FA with should your phone get lost, damaged, stolen, or in one user's case that I saw, his phone auto-updated and wiped his 2FA app. There are some 2FA apps such as Aegis which allow you to export your database, but unfortunately Google Authenticator does not allow you to do this.

What you should be able to do is to choose to duplicate your 2FA on a second device (such as an old phone or tablet which never leaves your house). Even better, during the 2FA set up it should show you a long string of characters along with the QR code which you scanned with your 2FA - simply write down and keep safe this string of characters, and you can use them to recover your 2FA should you lose access to your phone.

Wait, I just figured something out...your advice on how to find the 'string of characters' only works DURING the 2FA setup. I already re-setup my 2FA by the time I read your post. Now when I boot up my 2FA app I have two sets of codes: 1. For my email attached to my coinbase account, and 2. for my coinbase account. Is there still a way to find that string of characters so I can write it down or something? If so, how do I do that?

Worse case scenario I can start the 3 day process of resetting my 2FA all over again just to be able to write down the string of characters (I'd have to write it down because I don't have another device that's capable of using a 2FA app).

[o_e_l_e_o]

-snip-

I'm not entirely sure with Coinbase since I don't have a Coinbase account, but other sites let you set up your 2FA on more than one device. If you go through the process of setting it up on another device (even if you don't have another device to set it up on), it should display the QR code you scan along with the string of characters.

The other option is Google Authenticator itself, you can click on "Options" and then "Export Accounts". It won't actually create a file you can export, though, but instead show a QR code you are supposed to scan with another device. If you take a picture of that QR code, then you can use it to recover your accounts, but be aware that storing a digital picture of your back up is far less secure than an offline back up written on paper.