12.1 Password Security. To access Coinbase services, you need to create security details or get security details, including a username and password. You are responsible for keeping secure the electronic device through which you access the Coinbase Services and for ensuring adequate security and control over all security details you use to access the Coinbase Services. This includes taking all appropriate measures to prevent the loss, theft or misuse of such an electronic device and to ensure that such electronic device is both encrypted and password protected. To be authorized to use the Coinbase Services, you must be at least 18 years of age and reside in a country where the Coinbase Services are accessible. Please note that not all Coinbase services are available in all countries. The list of Coinbase services accessible by country is available under www.coinbase.com/global. 2.1 Business Rules. By accessing Coinbase Pro via: pro.coinbase.com or the Coinbase API, you agree to and be bound by the business rules set forth under www.coinbase.com/legal/trading_rules (the “Business Rules”). 12.2 Authentication and Verification.

To access the Coinbase Services, users must provide an email address and create a password. Coinbase offers two-factor authentication through a user`s mobile device (“SMS”) or a supported one-time password app. A verified phone number is required to enable two-factor authentication via SMS. I always receive the following in a red field when I sign in “Please accept the user agreement by visiting coinbase.com” This is possible by using a specific Microsoft 365 consent app that allows attackers to access the user`s email. These consent apps are actually Microsoft 365 OAuth apps….