WhatsApp Launches The Two-Step Verification
WhatsApp, the popular free cross-platform messaging app, is today launching a two-step verification security feature for all users of the service.
The feature adds an additional layer of protection by requiring a passcode when resetting and verifying your account.
This combats a recent hack where if your phone number was hijacked somehow, your WhatsApp account would be available meaning crooks could freely read your private messages and conversations. Two Step Verification requires setting up a six-digit passcode and an optional backup email address.
Two Step Verification in WhatsApp prevents someone unscrupulous from stealing your SIM card (or otherwise taking over your phone number) and using that to take over your account and impersonate you. With two-step enabled, an account reset requires you to have access to the phone number and enter a six-digit passcode.
To enable Two Step Verification in WhatsApp, launch the application on your iPhone and navigate to the integrated settings. Tap on ‘Account’ and select ‘Two-Step verification’.
Then press the Enable button which will display the setup screen, as shown above. This screen asks you to pick a six-digit passcode which will you be required to enter anytime you register your phone number with the app, including when you upgrade phones. Therefore, it is important that the passcode is memorable.
After choosing a code, WhatsApp will also let you pick a backup email address in case your forgot your code. If you are locked out of your account, WhatsApp will be able to send a recovery email to this chosen address.
Although optional, adding an email is recommended as a fallback in case you cannot remember your passcode. Note: do not click on links in emails unless you specifically request it from WhatsApp.
Now, when you setup a new device and install WhatsApp, it will ask for this six-digit passcode in order to validate your identity. WhatsApp will also periodically ask for this same passcode when you launch the app — this helps you remember your code. You cannot disable this reminder feature without disabling the entire two-step verification.
As an additional safeguard, WhatsApp will not allow you to verify your phone number within seven days of using the service without the passcode. This means if you do not choose a recovery email, it will be impossible to verify your account without your code within seven days.
After the seven day period has elapsed, you can access your WhatsApp account again (even without a code) but all messages will be deleted.
If your number is verified on WhatsApp after 30 days of not using a passcode, the account will be deleted entirely. If this happens to you, you will have to setup a completely new account and start from scratch.
Download WhatsApp free from the App Store. Two-step verification is rolling out to all users now. The Guardian.