How to protect your Signal account with Registration Lock
Earlier this week, Signal uncovered that attackers had access to phone numbers of 1,900 users. Signal is one of the most highly encrypted messaging apps out there, which thankfully prevented the attackers from accessing anyone’s message history or profile information.
The attackers used Twilio, an SMS verification service, as the entry point for their attack. Current and former Twilio employees received phishing messages suggesting their passwords had expired — and some of them fell for it, leaving employee accounts compromised.
While two-factor authentication via SMS offers some protection against hacks and other cyberattacks, it cannot protect users from every angle. Luckily for us, Signal has a built-in feature called Registration Lock that can take your protection a step further.
How to enable Signal’s registration lock
Signal’s registration lock feature adds an extra step each time a new device tries to sign in with your account information. An attacker could theoretically have access to your password and SMS verification code and still be unable to add your Signal account to their app.
Every time you (or someone else) try to register your phone number in Signal, the app will ask for your Signal PIN. This is a code you created when setting up your Signal account. You can change your Signal PIN at any time in the Accounts settings menu.
Follow these steps to turn on Registration Lock.
- Click on your profile picture in the top left and open the settings menu.
- Open the account menu.
- Toggle the Registration Lock button.
Remember your PIN or risk being locked out
Before you enable Registration Lock, make sure you’re familiar with the Signal PIN associated with your account. It should be a number – no matter how long or short you want – that you can remember very well. Once Registration Lock has been activated, you can be locked out of your Signal account for up to 7 days after entering the incorrect PIN.
Thanks to Signal’s top-notch end-to-end encryption protocols, an attacker who gained access to your account wouldn’t even be able to retrieve your chat history. However, they could send and receive new messages and calls as if they were you. Registration Lock – a unique feature of Signal – should stop all attackers before they even get to that point.