It looks like Coinbase is trying to protect their users a bit better. Two-factor authentication has been a powerful tool for users so far. However, the company is not too keen on Authy, by the look of things. In fact, Coinbase advises users to switch to Google Authenticator. An interesting turn of events, albeit a good security warning. It is evident Bitcoin users are always at risk of having their account breached on any platform.
Ditch Authy on Coinbase, Company Claims
It is quite interesting to see Coinbase advise users which 2FA tool they should use. A lot of users rely on text messages, which is never a good option. Additionally, the Authy tool is quite convenient, but the company warns users to switch anyway. Instead, Coinbase users should migrate to Google Authenticator. The company sent this advice out in an email to customers earlier this week. A rather strange message, but the advice is solid.
Tech-savvy users criticize this decision, though. There is nothing wrong with Authy whatsoever. Coinbase feels Authy is vulnerable to phone porting attacks. That is always a risk when using most mobile authentication solutions, unfortunately. Google Authenticator is one exception in this regard, according to the company. It is possible to make Authy behave more securely, though. Users can disable the multi-device setting to ensure phone porting becomes a trivial issue.
Google Authenticator is a commonly used 2FA solution. Various other cryptocurrency exchanges have implemented support for this tool over the years. It is not necessarily good to see all companies flock to the same security solution, though. There is no reason for everyone in the world to use Google Authenticator, even though it should be the most secure solution at all times. Moreover, this begs the question why Coinbase decided to enable Authy support in the first place.
Whether or not this message will fall on deaf ears remains to be seen. A lot of consumers are lax when it comes to upgrading their account security. Coinbase will disable Authy support soon, though. Users who log in to their account will be asked to set up Google Authenticator as well. This will become a mandatory authentication solution in a few weeks from now. Not everyone will be pleased by this decision, but it appears to be the right one.
I hate Google Authenticator because it has lost accounts for me in the past when I lost a phone in a fire and the reset options lost all of my accounts instead of unlocking them for me. I do not trust it anymore. Authy works well for me, but I wish more companies would take a look at and consider another option called Clef.
Having the same source store your passwords and also do your 2FA is just a bad idea. Authy works well, but you are at risk for a similar issue if you can recover your accounts easily. The best advice would be to print out your QR codes and store them in a safe. You can easily add them back into a new device later too.
Clef is closing in July, so also not a good solution.
True, but Clef was pretty awesome though. I would love to see what had happened when it would have spread a bit more.
It should be up to the user to decide what they want to use. All you’re going to do here is alienate users.
You can still use Authy with TOTP, but honestly the problem is that you need to trust a company you are not paying money with your codes, which is a thing you need to be careful about.
Nothing against Authy in general, but a company needs to make money somehow.
Google isn’t much better, but instead of using Authy’s algorithm, which only works there, using the standard TOTP gives you a lot more options in what app to use.
For me GA wanted me to print out and store a code…no way!!! I’d end up losing the code and all my money!
Clef was acquired by Twilio and will probably be integrated into Authy.
The fact that the writer of this article thinks that Coinbase can “turn off” Authy support shows that he knows not how the technology works. To disable Authy support, they would have to disable support for Google Auth also, as they use identical systems and are completely compatible. I’m not suggesting one is greater than the other, only that both use the same time-dependent six-digit code tech and the Coinbase site could not possibly tell which one you are using. Tech articles from non-tech people… ugh.