Secure your messaging apps
If you use Signal or WhatsApp then you need to check if you have added a PIN and registration lock.
These aren’t just some mythical things not to worry yourself about because they are optional settings, just like locking your door isn’t. Hopefully you use that feature of you door as well as the PIN and registration lock.
Why is it important?
A well known journalist had their signal account compromised. This could have been avoided had they enabled registration lock. How a Third-Party SMS Service Was Used to Take Over Signal Accounts
Your PIN can recover your profile, settings, contacts, and who you’ve blocked if you ever lose or switch devices. A PIN can also serve as a registration lock to prevent others from registering your number on your behalf. This helps in SIM swapping attacks where a criminal convinces a phone company to redirect your mobile number to them.
To turn on, or check you have a PIN set up, go to:
Signal Settings > Account
If you have a PIN there should be a change PIN option and you can enable PIN reminders. PIN reminders are useful as Signal will keep asking you for your PIN from time to time so you don’t forget it. In this settings menu is also the toggle for Registration Lock. Make sure it is on.
More info on Signal Support Centre
This was also covered in the Signal secure hardening guide
Called two-step verification, like Signal, you have an option to set up a PIN. WhatsApp also allows you optionally, to give a backup email address that they can email you a reset link, should you forget your PIN. WhatsAPP will ask for your PIN from time to time, unlike Signal, this isn’t optional.
To turn it on go to settings:
Account > Two-step verification > Enable