Facebook’s subsidiary WhatsApp has started to roll-out two-step authentication for all users. The feature allows users to add additional security to their account. After it was tested in a beta version of the chat app the feature is now gradually rolled out.
Two-step authentication adds an additional layer of protection to online accounts. Often this works through SMS, by sending a message with an unique code . Because the phone of the account holder is required it’s harder for hackers to login with only a (stolen) password.
When using WhatsApp for the first time, the chat app already confirms the phone number through SMS. Therefore WhatsApp uses a different method for two-step authentication. It requires a six digit code that the user has to set when the feature is enabled.
This code has to be entered weekly into WhatsApp to verify the identity of the user. This way WhatsApp hopes to prevent that the app is abused for long periods on e.g. a stolen smartphone.
The feature already received a fair amount of criticism as WhatsApp recommends to enter a valid email address so it can send a link to disable two-step authentication in case the six digit code is forgotten. Users feel that this way they might, in the end, also provide their email address to WhatsApp’s parent company Facebook. Others argue that entering an email address makes it easier for Facebook to link WhatsApp account data.
WhatsApp previously announced it would start sharing data with Facebook, unless users opt out. A German privacy watchdog later ruled that Facebook had to stop storing and using data of the about 35 million German users of WhatsApp.
Users that fear their privacy are advices to either not enter an email address or a different one than used for Facebook.
To enable two-step verification, open WhatsApp > Settings > Account > Two-step verification > Enable.