Coinbase is of the largest exchanges in the world, and it did not get there by using half measures. Their security is top notch, but even the best security systems in the world are prone to human error.
That is why Coinbase believes that education is the best way to lessen the evils of everyday hacking attempts. In the world of cryptocurrency, where transactions are irreversible, security takes a much higher priority than in other financial sectors where the system is more… malleable.
This article will be your guide on how to keep your funds safe from attack using Coinbase as your exchange. However, all the information presented here is applicable to any good exchange that offers similar measures such as 2FA and Vaults. These practices will help you in general, because no company is completely secure and keeping up your security is an extremely important act all over the world wide web.
Passwords: Protect Yourself by switching it up
There are far too many people who think they have found “the one” password that is good enough to stop hackers and is also easy to remember. Well, that is exactly what malicious hackers want you to think.
If your password is the same across a number of services and has stayed the same for longer than 6-12 months there is a very good chance there is someone out there with your username and password.
There have been so many high profile breaches of digital security this year alone, that it is never worth keeping the same password for longer than a few months. It doesn't even have to be wholesale change – just enough to keep anyone who might have gotten your email address and password off of a shady dark web dealer.
This is especially important for your email address. If someone gets ahold of your email account password they can reset the passwords to any other account, including cryptocurrency exchanges.
There is currently no system on earth that can identify when someone genuinely needs a password reset and when a hacker has requested it from the same address. So it is of vital importance to change up your email password at least every few months.
2FA can be a life-saver even it is a time waster
there are many times when Two Factor Authentication can be a real waste of time. Having to input a code just to get into your email or your Coinbase account can seem so frustrating when nothing has happened to warrant it.
That all changes with the first time someone tries to access your account, with your password for the first time. The suspicious activity notification when you are not trying to get into your account is enough to know that someone, somewhere has access to one of your passwords linked to the email they are trying to use to access Coinbase.
Once you have that first shock, you will never ever again think it is a waste of time. That doesn't mean that 2 Factor Authentication is 100% trustworthy. Two options when it comes to 2FA are SMS codes and having an authenticator app.
The first option is an SMS authenticator where a company sends you an SMS every time you log in. This great but if you are a high value target, it is relatively easy enough to hack with methods such as a sim swap or a phone port.
That is why an authenticator works best – it is an app that generates a code on your device locally that matches up to the generated code on the server. The only problem here is if your device is stolen or someone has access to it. They would then be able to take your authenticator backup, which is called a TOTP Seed.
They would then use that to generate codes that match up to the server at will, giving them persistent access to your account.
However, authenticators are still more secure than SMS codes, so long as you keep them relatively safe. Many people buy a device that only functions as their authenticator and nothing else so that it does not get stolen or misplaced.
It is never connected to the internet (apart from installing the authenticator) so has less of a chance to be abused by malicious code from zero-day attacks.
Vaults are your friend
If you keep funds for longer time periods, then it would also be wise to use a vault. Coinbase offers a vault service to its pro members and its function by requiring multiple email authentications and has a 48-hour window in which the transaction can be stopped for any reason.
If you are a hodler, or just want to keep a certain portion of your rainy day money in Bitcoin, then investing in a vault would be well worth the effort and time spent on it.