Industry News

Snapchat users: If you care about your privacy at all, read this

Being a middle-aged man with no friends who would be interested in seeing photographs of myself in the nude, I have not embraced the Snapchat phenomenon.

But that’s not to say that I haven’t witnessed just how popular it is with smartphone-loving teens, exhibitionists and pranksters.

And so I’m pleased to hear that the popular Android and iPhone app has belatedly added an optional additional layer of security in the form of “Login verification”.

Login verification, or two-factor authentication if you prefer, means that you can tell the app to always send you an SMS code when you log into your Snapchat account from a new device.

snapchat-2fa

This means that even if a pranking friend, voyeur or fraudster manages to determine your Snapchat password – they won’t be able to log into your account (and potentially see intimate snaps meant for your eyes only) as they won’t know your secret SMS code.

Of course, that won’t be any protection if they happen to steal your actual smartphone – sorry about that.

Similar two-step verification systems exist for other social networking apps, and are generally a good idea to enable as history has shown us that human beings are notoriously bad with their passwords (either not keeping them private, or choosing bad ones in the first place).

On its support pages, Snapchat says that Login Verification is an optional feature that will make accounts more secure.

Of course, the fact that it’s optional means that the vast majority of Snapchat users will never turn on the feature.

As if teens taking naked photos of their private parts care about privacy…

However, adding the feature means that Snapchat can say that it provides a mechanism for protecting its users and shrug off any further responsibility.

If Snapchat really truly cared about its users, they would enforce the use of login verification on new accounts – explaining how it’s an important safety measure that can protect the privacy of accounts with the minimum of disruption.

But they didn’t do that.

To enable Snapchat’s new Login Verification feature, just follow these steps:

  • Tap the ghost icon at the top of your camera screen
  • Tap the Settings gear in the top right hand corner of your Profile screen
  • Tap ‘Login Verification’ under the ‘My Account’ section
  • Tap the ‘Continue’ button
  • Enter the verification code sent to your mobile phone and tap ‘Continue’
  • Once you have completed the login verification process, your device will remain a verified device until you elect to forget it.

Additionally, Snapchat is providing a mechanism for forgetting verified devices, should you lose or decide to sell on an old smartphone.

Finally, if you’re a Snapchat user and you made it this far into the article – congratulations! There’s hope for you yet…

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

2 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • “Finally, if you’re a Snapchat user and you made it this far into the article – congratulations! There’s hope for you yet…”

    That was a brilliant ending. While many who use it (snapchat) probably wouldn’t make it that far (which only makes the ending better), and maybe fewer understand the point directly, humour is always appreciated.

  • Thanks for this – although I had the latest versin of the app it hadn’t been brought to my attentio nthat they’ve added this feature. It’d have been nicer if they gave an in-app alert to tell users of their nifty new feature.

    In addition to the Login Verification and forgetting verified device, they’ve also added the ability to generate a one-time recovery code to be used if you lose your phone or change your mobile number.

    I’d advise users that it’s really important generate this otherwise they could find themselves unable to get into their accounts. Secondary authentication methods like this that rely on possessing something have the ability to completely screw you over if you permanently lose that something.

    The Recovery Code option is available through the same Login Verification menu mentioned in the article.

    John (a Snapshat user who’s never sent or received nudes!)