WhatsApp is implementing a new two-step verification process to boost security for users. The optional security feature significantly increases the hurdles that a third-party would have to get over to break into a user’s account.

The feature, which has been in testing since November, is rolling out in stages. To turn on two-step verification, users need to log in to WhatsApp, navigate to Settings, then Account and enable Two-step verification.

If activated, users will need to enter a six-digit security code in addition to their phone number and text message or voice call verification. They will also be asked to enter their security code once every seven days. Should users forget their security code, they can register an email address with WhatsApp and use it to turn off two-step verification.

WhatsApp said : “We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you’re not locked out of your account if you forget your passcode.”

Users who do not register an email address with WhatsApp will be able to log back into the service if they forget their two-step passcode, but only after seven days of last using WhatsApp.

WhatsApp said: “After seven days, your number will be permitted to reverify on WhatsApp without your passcode, but you will lose all pending messages upon reverifying — they will be deleted. If your number is reverified on WhatsApp after 30 days of last using WhatsApp, and without your passcode, your account will be deleted and a new one will be created upon successfully reverifying.”

The roll out of the improved security comes weeks after the revelation of a vulnerability in the implementation of WhatsApp’s encryption protocols.

via:  enterprise-security-today