The Signal messaging app is getting a new security feature called Signal PINs, allowing users to secure their cloud-stored information in a way not available to anyone else, and that includes the company making the app.
More and more messaging apps are using true encrypted communications, so it’s no longer an exotic feature. But what happens with that data when a user changes the phone or reinstalls the operating system? It relies on the company building the app to store profile information, and that means that private data could be available to other parties as well.
The new Signal PIN comes with a couple important features. First, the new PIN lets users take ownership of their profile data, which means that if they lose that PIN, they won’t be able to recover their profile from the server.
The PIN can either be a four-digit number or an alphanumeric sequence, whichever the user prefers. More importantly, the developers and the company making the app don’t know the PIN. If the user forgets it, it’s lost forever.
The second feature is just as important, as Signal moves away from addressing based on phone numbers. More precisely, users won’t need a phone number to install Signal. On top of that, it’s a security measure as well.
“PINs will also help facilitate new features like addressing that isn’t based exclusively on phone numbers since the system address book will no longer be a viable way to maintain your network of contacts,” reads the announcement from Signal.
The rollout for this feature is gradual, along with the requirement for the phone number, but it shows that, when it comes to privacy and security, messaging apps still have work to do.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: https://hotforsecurity.bitdefender.com/blog/signal-introduces-pins-slowly-moves-to-end-reliance-on-phone-numbers-as-security-measure-23341.html