WhatsApp rolls out two-factor authentication security
WhatsApp’s 1.2 billion users will now have access to two-step verification, which means if someone else gets hold of their device or phone number, their messages will be safe.
The feature was first launched in the beta version of the app last year and started to roll out to users last week on WhatsApp’s iOS, Android and Windows apps.
“Two-step verification is an optional feature that adds more security to your account… Any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit passcode that you created using this feature,” the firm explained when it was testing the feature.
Once turned on, users will have to enter the passcode every time they register their phone number with WhatsApp again – for instance if they buy a new device.
The method was described by The Wall Street Journal as “one of the best safeguards any online service can offer.”
Most firms like Google and even parent Facebook already offer the measure, also known as two-factor authentication, but in their case it works differently: a code is generated in an app or sent via text rather than be set by the user.
In the case of WhatsApp, users will have to remember their passcode, or set up a backup email through which they can disable the feature if they forget the code. The feature can also be disabled from within the app, without a passcode.
In order for two-step authentication to work, users will have to log out of WhatsApp when they are not using it.
If a user forgets their passcode and doesn’t have a back up email to disable the feature they will have to wait seven days to get back into the app.
WhatsApp also said it will regularly ask users for the code to help them remember it.
In a bid to up security, WhatsApp launched end-to-end encryption last year.
In a recent interview with Mobile World Live, Tim Gallagher of SafeSwiss said WhatsApp “has done an absolutely remarkable job introducing encryption to the masses in an extremely short timeframe” but was critical of its announcement that it was sharing user data with parent Facebook, describing it “is a complete contradiction of earlier promises.” The move has faced a severe backlash.