Facebook’s WhatsApp messaging service
is incredibly easy to set up, but this easy setup process means that your
account is open to abuse if you’re not careful. Thankfully, it’s fairly simple
to enable an extra layer of security on your account, which means that you
won’t lose it if your six-digit activation code gets compromised.
These security options unfortunately
won’t protect you from a serious hack such as the one that hit
Amazon CEO Jeff Bezos. What they will do is offer another layer of protection if
someone manages to trick you into sharing your security code, which is a
process known as “social hacking.”
If you need any convincing about why
it’s a good idea to use this extra security, then allow me to share a friend’s
recent experience of what can go wrong when you don’t.
Bleary-eyed one Sunday morning, she
received a WhatsApp message from a close friend that asked if she could forward
over a six-digit code that she was just about to receive via SMS. Without
thinking, and because she trusted her friend, she sent over the code and
suddenly found herself logged out of her WhatsApp account.
NEVER SHARE YOUR SIX-DIGIT WHATSAPP VERIFICATION CODE WITH ANYONE
You probably realized what happened.
That wasn’t just any six-digit code; it was the six-digit code that WhatsApp
sends to your mobile number via SMS to associate with your WhatsApp account. In
sharing that number, my friend had inadvertently allowed the attacker to log in
to her account.
Since her attacker now had control of
her account, they were then able to send messages from it to any contacts she
was in the same group chat with. That’s how the attacker was able to ask for my
friend’s six-digit verification code via another friend’s number; they’d gained
control of that account as well and used it to message every contact they
could, trying to rope them into the scam.
In theory, having your WhatsApp
account taken over should be a fairly easy situation to resolve: just enter
your phone number into the app and have it send you another six-digit code. The
problem is that hackers can spam your number with a bunch of incorrect
six-digit codes so that you get locked out of your account for up to 12 hours.
Then, if you haven’t set up a PIN of your own, this leaves an attacker free to
set up one of their own on your account, locking you out for seven days in total.
That’s why it’s so important to
remember these two rules:
- Never share your six-digit WhatsApp code with
anyone — not your parents, not your best friend, and definitely
not your sibling. No one will ever have a legitimate reason to ask for the
code that WhatsApp sends you over SMS, so don’t even think about sharing
it.
- Should the worst happen, then setting up a PIN will act
as another barrier to stop someone from being able to sign in to your
account, and it will stop this nightmare from happening to you.
HOW TO SECURE YOUR WHATSAPP ACCOUNT
Somewhat confusingly, the PIN is also
six digits long. In order to set it up:
- Open WhatsApp and tap the three dots on the top right of
the screen
- Hit “Settings” > “Account” and then pick “Two-step
verification”
- Hit “Enable,” and then pick your six-digit PIN. The
gallery of screenshots below will walk you through the whole process.
- This next step isn’t mandatory, but adding an email
address will allow you to recover your account if you forget your PIN.
WhatsApp will periodically ask you for your PIN while you’re using it so
that you don’t easily forget it, but we’d still recommend having a backup.
One more thing: it would be remiss of
us if we didn’t mention that, in the past, Facebook (WhatsApp’s parent company)
has gotten in trouble for using
phone numbers provided for two-factor authentication for ad-targeting. The Federal Trade
Commission told the company to stop
the practice last year. When we asked WhatsApp, it categorically denied that
it does this with its backup email addresses, and we think the benefits of
providing an email address outweigh the risks.