In the past couple of years, Snapchat has run into trouble with the US Federal Trade Commission for its deceptive marketing practices, and was blasted by security researchers for really poor security of users’ account information.
More recently, however, Snapchat has picked up its security game in a big way – notably, since April 2014 when it hired a new director of information security, ex-Googler Jad Boutros, who says he is building a “culture of security” at the company.
This kind of extra protection is especially relevant now that Snapchat is offering additional services such as Snapcash, to help prevent a thief from logging in as you and sending money from your account to another Snapchat account.
Once enabled, Login Verification requires users to enter a one-time code when logging in from a new device (in addition to their password).
Because the verification code is sent via SMS text message to the phone number linked to the account, a snoop would need to have access to your phone as well as knowing your username and password combination to log in as you.
You can also use the Login Verification setting to verify additional devices, or to request a Recovery Code you can enter for logging in from an unverified device in case of a lost or stolen phone.
If you want to use Snapchat on, for example, your iPhone and your iPad, or manage your account online from your Mac, you can verify all of those devices – but a thief with your username and password signing in from another device wouldn’t be able to log in without a verification code.
And if you’re worried about someone else getting access from one of your verified devices, you can also “forget” previously verified devices from the Login Verification setting.
Here at Naked Security, we haven’t found many occasions to give Snapchat a pat on the back, but we’re happy with these additions for better security.
Snapchat should do everything it can to encourage people to use them.
Learn more about two-factor authentication
Two-factor authentication (or “2FA”) is not a foolproof defense against unauthorized account access – but we highly recommend turning it on wherever possible.
Chet and Duck explain the different types of 2FA, and they also look candidly at the downsides.
Have a listen using the audio player below.