Snapchat Offers Users Optional Two-Factor Authentication

2015-06-11T16:30:00
ID SNAPCHAT-OFFERS-USERS-OPTIONAL-TWO-FACTOR-AUTHENTICATION/113288
Type threatpost
Reporter Michael Mimoso
Modified 2015-06-11T20:30:14

Description

Snapchat’s popularity with teens doesn’t run in parallel with the opinion of security and privacy professionals wary of its practices in guarding users’ data.

With the release of the latest version of the photo and video sharing app, Snapchat added an optional two-factor authentication feature that could begin to mend those fences.

Related Posts

Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook

August 30, 2016 , 12:23 pm

Emergency iOS Update Patches Zero Days Used by Government Spyware

August 25, 2016 , 5:33 pm

Tor Update Fixes ReachableAddresses Problem

August 25, 2016 , 9:22 am

Called Login Verification, Snapchat’s version of 2FA is a one-time SMS password sent to a mobile device that when used in conjunction with a user’s password beefs up authentication.

Being optional, it remains to be seen whether users will take the extra step to lock down the security of their accounts and privacy of their “snaps.” The addition of Login Verification comes days after Apple’s announcement that iOS 9, the next version of its mobile operating system, will require six-digit passcodes and introduce two-factor authentication. The difference between the two is that Apple’s extra 2FA security measure will be required, unlike Snapchat.

Apple has been rolling out two-factor authentication for a number of its services, including iTunes and its iCloud cloud storage services. The latter came on the heels of the infamous celebrity photo leaks, where personal photos were allegedly stolen from the iCloud accounts of the famous victims.

Like Snapchat, Apple uses a two-step verification that does not require a hardware token or biometric. But it adds another roadblock for attackers trying to take over users’ accounts.

Snapchat users who choose to enable Login Verification put another hurdle in the way of hackers, who would not only need to have the user’s password, but also physical access to the phone in order to get the SMS verification code.

Users with multiple devices can also use the service to verify additional phones or tablets, for example. There is also a Recovery Code option that can be used if a device is lost or an account holder changes their mobile number. In a related feature, users can also forget a previously verified device if it is lost or stolen.

Snapchat said users running the latest version of the app can enable Login Verification through their Settings and tapping Login Verification under My Account. From there , the verification code is sent to the mobile phone number associated with the account and must be used the next time the user logs in.

Thirteen months ago, Snapchat settled charges levied by the U.S. Federal Trade Commission following a 2014 breach that led to the loss of 4.6 million users’ data. The FTC said Snapchat misrepresented the supposedly ephemeral nature of the messages users send and failed to take adequate security precautions with the data it collects.