Philip Martin, the Chief Information Security Officer at Coinbase has just come out and said that they are enabling their Coinbase and Coinbase Pro accounts to support securing crypto assets using U2F Security Keys. We recommend all crypto users to consider this to help enhance user protection and avoid becoming part of a long line of cryptocurrency hacks.
U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed. U2F was created by Google and Yubico, and support from NXP, with the vision to take strong public key crypto to the mass market. U2F has been successfully deployed by large scale services, including Facebook, Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.
Further, the current techniques for bypassing 2FA can be mitigated with the adoption of U2F security keys. Despite some minor security flaws, Google argues that Titan keys are still more secure than relying on just a password for access, and true, an attacker has to to be within about 10 meters and has to launch their attack just as you press the button on your Titan key and needs to know your username and password in advance.
Security is not the only advantage of U2F, it’s privacy too. A U2F Security Key generates a new pair of keys for every service, and only the service stores the public key. With this approach, no secrets are shared between service providers, and an affordable U2F Security Key can support any number of services.
Additionally, it’s easy to use too. It works out-of-the-box thanks to native support in platforms and browsers including Chrome, Opera, and Mozilla, enabling instant authentication to any number of services. No codes to type or drivers to install. It comes at a cheap price point with all these features.