Signal secures all your conversations with end-to-end encryption, offering more privacy and security than your average chat app. But Signal offers some other useful security options. Here’s how to take advantage of them.
Enable Registration Lock to Protect Your Signal Account
Your Signal account is tied to your phone number, with no need for a password at all. When you first register for Signal (or re-register a device at a later stage), Signal will verify who you are by sending a code to your number. Enter the code to prove you are who you say you are and you’re good to go.
But what happens if someone gets access to your phone number? While this might seem like an unlikely eventuality, it’s within the realm of possibility. Someone could steal your smartphone’s SIM card or fool your phone service provider into transferring your number to a new SIM using social engineering techniques.
With access to your phone number, someone could gain access to your entire Signal account. They couldn’t see your old conversations—but they could impersonate you or receive messages that were only intended for you. Depending on what you use Signal for, this could be inconvenient, embarrassing, or utterly devastating.
Fortunately, you can enable Registration Lock within Signal so that any attempts at re-registering your phone number also require your PIN. It’s really important that you pick a memorable PIN in this case. It’s advisable not to write this down. If you must, be sure to store it somewhere secure, like inside a password manager.
To enable Registration Lock, launch Signal, then tap on your profile icon in the top-left corner of the screen. Choose Privacy, then enable Registration Lock and read the warning. Signal will advise you that if you get your PIN wrong when trying to re-register, you’ll be locked out of your account for a week.
Verify Who You Are Talking To
Unlike other messaging apps, Signal lets you verify who you are speaking to using a set of codes known as Safety Numbers. To see the Safety Numbers for a conversation, tap on the contact’s name at the top of a conversation and choose View Safety Number on the next screen.
The best way to verify that the person you are speaking to on Signal is the person they claim to be is by verifying their identity in person. Both people should open the corresponding conversation, tap on the other party’s name, then choose “View Safety Numbers.”
From here, you can compare the numbers that you see on your screen to verify that you are both taking part in the same conversation. Tap on the QR code to launch the camera to scan a partner’s number (or vice versa) to speed up the process. You can then mark the contact as verified using the button at the bottom of the screen.
This ensures that there’s no man-in-the-middle attack going on, too. You know you’re talking directly to a particular person.
If you can’t meet in person, the second-best way is to share numbers via another trusted platform. This could be an email address that only the other party has access to, another messaging app, or even a phone or video call. Remember that any interaction where you can’t see the other person carries some risk of them not being who they say they are.
For friends, family, and other casual associates, this may seem like overkill. For journalists looking to verify a source’s identity or prospective business partners discussing a top-secret deal, it can provide that added reassurance you need to chat in confidence.
Use Disappearing Messages to Avoid Leaving a Trail
Signal lets you send self-destructing messages that will delete themselves after a period of time of your choice. This is enabled on a per conversation basis and applies to all messages in the chat. As soon as a message has been seen, the self-destruct timer will begin.
To enable Disappearing Messages, launch Signal and tap on a conversation. Tap on your contact’s name at the top of the screen to reveal the chat settings. Enable Disappearing Messages, then drag the slider to set your desired interval. You can choose a time as low as five seconds and as long as a week…..Read More>>