- Feb 6, 2017
- 154
WhatsApp improves message security with two-step verification
- Thread starter Wingman
- Start date
- Feb 13, 2017
- 1,486
A few days ago I tried this new feature but I've found something wrong.
This additional security layer should provide greater security and the inability to use the vulnerabilities of the SS7 protocol (to steal a WhatsApp account)
WhatsApp 2FA is implemented via pin/password and, according to my experience, 2FA protection via pin/password, is only required in a particular action, in this case, the authorisation to enable a new device. The code chosen by the user doesn't have to be requested periodically, otherwise significantly increases the risk that this code might be exposed, and then compromise!
WhatsApp has instead decided to periodically requires the user to enter the 2FA code when it would be appropriate to require it only to the activation of a new device.
This additional security layer should provide greater security and the inability to use the vulnerabilities of the SS7 protocol (to steal a WhatsApp account)
WhatsApp 2FA is implemented via pin/password and, according to my experience, 2FA protection via pin/password, is only required in a particular action, in this case, the authorisation to enable a new device. The code chosen by the user doesn't have to be requested periodically, otherwise significantly increases the risk that this code might be exposed, and then compromise!
WhatsApp has instead decided to periodically requires the user to enter the 2FA code when it would be appropriate to require it only to the activation of a new device.
Similar threads
