One of the reasons that WhatsApp has been so successful and that it grew so quickly (leading to it being bought by Facebook for US$19 billion in 2014) is that it’s so incredibly easy to set up. I myself was amazed and impressed at how frictionless they’d made the process, when I finally gave in to the badgering from all my friends and first downloaded the app. No signup process – or at least none worth speaking of. No forms to fill in, no email address or username and password… just your phone number, wait for a code to be received (which your phone automatically grabs and fills in for you) and – bam! – you’re in.
The process is identical, and therefore just as easy, each time you get a new phone. Just enter your phone number, and within seconds you’re back as if nothing had ever changed.
However, simplicity is the enemy of security, and the easy setup process can often render the “end-to-end encryption” somewhat redundant. If someone manages to persuade your mobile phone provider to issue them with a replacement SIM on your account by social engineering the provider’s support staff (and there have been cases of this happening), then it’s pretty easy, once the SIM arrives, for them to get into your WhatsApp account as if they were you. It’s for this reason that I’ve never really understood why the Government have historically put pressure on Facebook/WhatsApp to make them a secret backdoor (which is, and always will be, a terrible idea) when there’s another door swinging in the wind right there!
But anyway, I digress. Suffice it to say, that code that you get sent by WhatsApp, or any others you receive via SMS in the course of your daily life, is for YOU only and should NEVER be shared with anyone. Not even your closest friends and family. Why not? Because they’d never, ever have a legitimate reason for needing it, so if you were to get a request from your best friend for that code that’s just been sent to your phone… it’s almost certainly NOT your best friend asking.
How to Set Up Two-Factor Authentication on your WhatsApp Account
So, if you remember back to the first time you ever set up WhatsApp – or the last time you got a new phone – you’ll know that you never really “signed up” properly. Well, now’s the time to fix that and add your email address and a PIN (which, I guess, is effectively an account password) to your account. That way, even if someone gains control of your mobile phone number via your provider, they’ll be unable to get into – and lock you out of – your WhatsApp account.
It’s easy to get started; first you need to open up WhatsApp and make sure you’re on the main screen where all your chats are displayed:
Then tap the 3 dots in the top-right corner to bring up the menu, and tap Settings:
On the main WhatsApp settings screen, tap Account:
On the Account settings screen, tap on Two-step verification:
The next screen explains briefly what you’re about to set up. Tap the green ENABLE button at the bottom of the screen:
You’ll be asked to enter, and then confirm, a 6-digit PIN. The usual advice applies, so don’t make it 000000 or 111111 or 123456 (not that it would let you) and don’t use really obvious dates like your birthday.
The next stage is optional, but it’s strongly recommended. This will add your email address to your account so that if you ever forget your PIN, or need an email for another reason, you can be contacted and your identity confirmed that way. Enter your email address to continue:
Once you’ve done that, you should see this screen telling you that it was all successful:
Your WhatsApp Account is Now Secured with a PIN and Backup Email Address
Good work! In probably less than a minute, your WhatsApp account is now infinitely more secure from hackers and other fraudsters. If you go back into your settings for Two-step verification, you’ll see this:
To help ensure you don’t ever forget your PIN, you’ll occasionally be asked to enter it whilst using WhatsApp, in order to keep it near the forefront of your mind.
Tell Everyone You Know to Secure Their WhatsApp Accounts, Too!
And there you are – account fixed and secured. The next step is to be a Good Samaritan and send this article to your friends and family, and share it on your social media channels so that everyone is made aware that it’s possible. If everyone secures their accounts, then it’s one less way that the bad guys can steal our data!