The Chief Information Security Officer at Coinbase, Philip Martin, has revealed that the firm has enabled its Coinbase and Coinbase Pro accounts to support securing Bitcoin and other crypto assets using U2F Security Keys – a safer, and somewhat ironclad alternative to SMS-based two-factor protection of accounts.
With SIM-based hacks picking up in pace and severity, and with crypto being so attractive to cyber criminals due to the pseudo-anonymity and general unfamiliarity associated with it, U2F protection via Security Keys are likely to become a necessary investment for any and all crypto investors who care about the safety of their assets.
Coinbase: Secure Your Bitcoin With U2F Security Keys
This week, San Francisco-based crypto giant Coinbase revealed that its customers can now secure their crypto assets and Bitcoin using Security Keys and WebAuthN.
Coinbase now supports security keys! Really excited to get this out the door and in the hands of our customers. https://t.co/4fpEb0z3WW
— Philip Martin (@SecurityGuyPhil) May 30, 2019
In a blog post shared by Chief Information Security Officer Philip Martin, the firm revealed that support for U2F (Universal 2nd Factor) has now been enabled. The completely optional feature arms crypto investors with the highest level of personal asset security – far safer and secure than traditional SMS-based two-factor authentication, and even safer than authenticator apps like Google Authenticator or Authy.
Related Reading | Google U2F Security Expert: Crypto is Like Catnip for Cyber Criminals
Coinbase calls Security Keys the “gold standard of modern account security,” and recommends users secure additional accounts using Security Keys, such as Twitter, Dropbox, Youtube, Instagram or Gmail – which oftentimes is tied to the login of crypto exchange accounts and acts as another backdoor for cyber criminals to access.
Why Crypto Investors Need To Consider U2F Security Keys
The emergence of Bitcoin ten years ago brought with it the creation of an entire new asset class in crypto. The young, budding financial technology has the potential to completely transform money as we know it. Bitcoin and most cryptocurrencies that came after it were designed to be decentralized, and borderless, with no controlling party that can intervene in transactions, freeze assets, and more the same way governments can govern the fiat currencies held by its citizens. But putting complete control, ownership, and therefore responsibility over significant wealth in the hands of the average person, is a recipe for disaster.
Even Coinbase concludes the”vast majority of theft is due to human error.”
In a recent Medium post entitled The Most Expensive Lesson Of My Life: Details of SIM Port Hack, the author, Sean Coonce, Engineering Leadership at BitGo – the self-proclaimed “leader in the storage of digital assets” – details an account where the developer had his entire crypto accounts drained in a SIM port hack.
Related Reading | Pro League of Legends Gamer Robbed of $200K in Crypto in Sim-Hack
SIM port hacks are an emerging trend where cyber criminals gain unauthorized access to a user’s phone number, which is then used to receive SMS-based two-factor codes allowing the hackers to access sensitive financial accounts and steal all of the crypto assets held there.
In this example, even a crypto industry developer working for the “leader” in the storage of crypto had his assets stolen right out from under his nose while he slept – it’s foolish to think it couldn’t happen to you.
By investing in a U2F Security Key, cyber criminals would need access to the physical Security Key to be able to access accounts secured using this method, bringing the highest level of protection possible. The downside is that the user will experience a minor inconvenience each time they need to log into an account, or may be locked out themselves if they don’t have immediate physical access to the Security Key. But it’s an inconvenience worth experiencing for the added safety and security.
Pro tip: The Ledger Nano S doubles as a security key, and can be used to secure even Gmail accounts.