Account Takeover (ATO) is the silent killer of online security. Between password megalists, massive PII breaches and ever more sophisticated attackers, it's becoming almost impossible to help regular users to thread the needle of a usable, but secure, experience. Coinbase is one of, if not the, largest single store of consumer cryptocurrency in the world. Attackers have enormous motivation to target our customers, and we have enormous motivation to defend our customers. This has resulted in a flurry of innovation over the past few years, on both sides. In this talk, I'll give a look behind the scenes on how Coinbase protects our customers, encourages them to be more secure and handles everything from phone porting to SIM swapping to credential stuffing. I'll also share a view into where we see attackers actively innovating. You will walk away with a window into what ATO may look like in the years to come and some specific, actionable steps you can take to protect your customers right now.