It looks like Coinbase is trying to protect their users a bit better. Two-factor authentication has been a powerful tool for users so far. However, the company is not too keen on Authy, by the look of things. In fact, Coinbase advises users to switch to Google Authenticator, An interesting turn of events, albeit a good security warning. It is evident Bitcoin users are always t risk of having their account breached on any platform.
Ditch Authy on Coinbase, Company Claims
It is quite interesting to see Coinbase advise users which 2FA tool they should use. A lot of users rely on text messages, which is never a good option. Additionally, the Authy tool is quite convenient, but the company warns users to switch anyway. Instead, Coinbase users should migrate to Google Authenticator. The company sent this advice out in an email to customers earlier this week. A rather strange message, but the advice is solid.
Tech-savvy users criticize this decision, though. There is nothing wrong with Authy whatsoever. Coinbase feels Authy is vulnerable to phone porting attacks. That is always a risk when using most mobile authentication solutions, unfortunately. Google Authenticator is one exception in this regard, according to the company. It is possible to make Authy behave more securely, though. Users can disable the multi device setting to ensure phone porting becomes a trivial issue.
Google Authenticator is a commonly used 2FA solution. Various other cryptocurrency exchanges have implemented support for this tool over the years. It is not necessarily good to see all companies flock to the same security solution, though. There is no reason for everyone in the world to use Google Authenticator, even though it should be the most secure solution at all times. Moreover, this begs the question why Coinbase decided to enable Authy support in the first place.
Whether or not this message will fall on deaf ears, remains to be seen. A lot of consumers are lax when it comes to upgrading their account security. Coinbase will disable Authy support soon, though. Users who log in to their account will be asked to set up the Google Authenticator as well. This will become a mandatory authentication solution in a few weeks from now. Not everyone will be pleased by this decision, but it appears to be the right one.
Header image courtesy of Shutterstock