Coinbase Rolls Out Extensive Security Update

Computer-security
15 January 2014

Coinbase has announced the addition of several new security features designed to make its cold storage business even safer.

Over the past few months the company has spent time and resources implementing the new measures and increasing the percentage of coins held offline.

Key Splitting, more cold storage

Coinbase is now using a new “key splitting” scheme – distributing shared pieces of security keys to safe deposit boxes and vaults around the world.

This means that key holders are never located in the same geographical area. So, theoretically, there cannot be a “single point” of failure.

This is not exactly a new idea. Similar schemes have been used to safeguard nuclear weapons against accidental launch for decades and they work flawlessly, otherwise there would be nobody around at this moment to read this very article.

Coinbase‘s approach also ensures all keys are protected against loss, as all data is backed up with redundancy. The move also sees Coinbase increase the overall percentage of bitcoins it currently stores offline. Until now Coinbase stored approximately 90% of its funds offline, but now the number is closer to 97%.

Of course, the actual amount changes each day, depending on how many users deposit or withdraw their bitcoins.

Two-factor authentication

Coinbaselogo

Since most Coinbase users already have a phone integrated in their account, the addition of two-factor authentication comes as no surprise.

Two-factor authentication requires users to enter a verification code from their phones along with their regular password. Needless to say, this approach bolsters security even if users chose to make transactions from various computers accessible by others.

If a user chooses to send more than a certain amount (which can be set to different thresholds) out of their account, two-factor authentication will be required. Two-factor authentication will be required for any transaction over the threshold. This approach should allow users to make micro-transactions with relative ease, whilst adding another layer of security to larger transactions.

Two-factor authentication will also be deployed by the company to safeguard other sensitive actions. Coinbase’s blog post revealed:

“We have also added two-factor around various other actions on Coinbase, including recurring sends, API key actions, password changes, phone changes, Google Authenticator changes and SMS pin number changes.”

It is worth noting that two-factor authentication does not apply to Coinbase access via the API key or OAuth.

Coinbase has also overhauled its activities page, allowing users to keep track of open sessions, account activity and session history with relative ease.