WhatsApp has released a new two-step verification (2SV) feature that allows its 1.2 billion users to verify themselves on a new device.
The maker of the end-to-end encrypted messaging app announced the new feature back in November 2016. At that time, it was available only to members of its beta program. Fortunately, it didn’t take long for WhatsApp to open the security measure up to all of its users.
Regular readers now all about what two-step verification entails. It’s an expansion of single-factor authentication (SFA) by which someone authenticates themselves using something they know, something they have, or something they are. 2SV adds another step to this authentication process.
Most 2SV implementations require users to enter two things they know: a password and a code obtained on their mobile device. In that sense, it is NOT two-factor authentication (2FA) in that it doesn’t require a user to employ two different means of authentication.
For a more detailed explanation of the differences between 2SV and 2FA, please click here.
Fortunately for us, lots of web services now give users the option of enabling 2SV on their accounts. But they mostly don’t implement this feature the same way as other services.
Most recently, Facebook has also begun using Login Approvals where a user can simply click “Yes” or “No” to verify whether they were attempting to log into their accounts.
It’s therefore perhaps no surprise that WhatsApp’s new feature doesn’t adhere to any of these other implementations.
When a user decides to activate 2SV, the encrypted messaging app prompts them to create a six-digit code that they can use to verify themselves when they move their account to another device. This feature means a user doesn’t have to set up another WhatsApp account each time they get a new device. It also prevents attackers from moving a user’s account to another phone without their consent.
Now what happens if a user forgets that code? Don’t worry. WhatsApp has accounted for that:
“Upon enabling this feature, you can also optionally enter your email address. This email address will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit passcode, and also to help safeguard your account. We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you’re not locked out of your account if you forget your passcode.”
Simple enough, right?
Okay, let’s set this feature up. Here’s how you do it:
- Open WhatsApp on your device.
- Near the top right corner of the app’s display window is an icon consisting of three dots arranged in a vertical line. Click on it.
- A drop-down menu will appear. Click on Settings. It should be near the bottom of the menu.
- The settings page will appear. Click Account > Two-step verification.
- Enter in a 6-digit code and then confirm it.
- Provide WhatsApp with a legitimate recovery email and confirm it.
- And you’re done! You can navigate back to that page if you ever want to change your 2SV PIN, change your email, or disable the feature entirely.
Don’t delay. If you’re a WhatsApp user you should enable this feature to better secure your account.
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.