This morning, Scott Shapiro, the Product Director at CoinBase sent out a tweet that definitely got everyone's attention. The tweet is word-for-word what I made the title of this post - don't use a VPN to access CoinBase. Here's the tweet:
The recommendation that Scott makes in this tweet is one that I think we're going to see more and more companies making over the next year - move to a physical security key. The reality is, far too many people still use SMS as their two-factor authentication method and this hasn't been safe for a long time. Heck, CNet put out an article back in June of 2021 about it.
Why is SMS so unsafe, here's the dets:
Lately I've been seeing a lot of people posting on X with screenshots showing that they're locked out of their CoinBase account. In many cases I'm finding that these tweets are coming from digital nomads, who travel a ton, and thus, use a VPN to increase their security. The problem is, as Scott highlighted this morning - they're being flagged by CoinBase for doing exactly that."Hackers have been able to trick carriers into porting a phone number to a new device in a move called a SIM swap. It could be as easy as knowing your phone number and the last four digits of your Social Security number, data that tends to get leaked from time to time from banks and large corporations. Once a hacker has redirected your phone number, they no longer need your physical phone in order to gain access to your 2FA codes." (Source - CNet)
My guess is that CoinBase won't be the only company making a statement like this. As more and more people travel and work remotely, VPNs are only becoming a pretty standard security measure...but, since almost all hackers and scammers also use VPNs it's incredibly challenging for companies trying to keep your data, and/or money secure.
It definitely feels like there's a nice big juicy problem for a startup to solve - maybe a new kind of VPN that requires some type of identity verification? Or maybe physical security keys really are the answer and VPNs will eventually go the way of the dodo.
For those who do want to max out the security of their CoinBase account and prevent themselves from getting flagged as a potential scammer/hacker. Here's what your Account Security section should look like:
If this blog post helps even one person either not get hacked, or not get locked out of their account then it will have served a purpose. Thanks for reading and happy Tuesday!