Snapchat is hugely popular with teens and young adults as a way to send short-lived photo and video messages, but it hasn’t won many fans in the security business.
In the past couple of years, Snapchat has run into trouble with the US Federal Trade Commission for its deceptive marketing practices, and was blasted by security researchers for really poor security of users’ account information.
More recently, however, Snapchat has picked up its security game in a big way – notably, since April 2014 when it hired a new director of information security, ex-Googler Jad Boutros, who says he is building a “culture of security” at the company.
On Monday, Snapchat released version 9.9.0 of the app for Android and iOS, with an optional new security feature called Login Verification that helps prevent unauthorized account access.
This kind of extra protection is especially relevant now that Snapchat offers additional services such as Snapcash: it helps prevent a thief from logging in as you and sending money from your account to another Snapchat account.
Once enabled, Login Verification requires users to enter a one-time code when logging in from a new device (in addition to their password).
This type of verification, also known as two-factor authentication (or for Apple accounts, two-step verification), makes it doubly hard for an imposter to access your account.
Because the verification code is sent via SMS text message to the phone number linked to the account, a snoop would need access to your phone as well as your username and password combination to log in as you.
You can also use the Login Verification setting to verify additional devices, or to request a Recovery Code you can enter for logging in from an unverified device in case of a lost or stolen phone.
If you want to use Snapchat on, for example, your iPhone and your iPad, or manage your account online from your Mac, you can verify all of those devices – but a thief with your username and password signing in from another device wouldn’t be able to log in without a verification code.
And if you’re worried about someone else getting access from one of your verified devices, you can also “forget” previously verified devices from the Login Verification setting.
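To make the moving parts concrete, here is a small Python model of the behaviour described above, added as an illustration and not Snapchat's own code. The class and method names, the five-minute code lifetime, the one-guess-per-code rule and the single-use recovery code are all assumptions.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300  # seconds a texted code stays valid (assumed value)

class LoginVerification:
    """Model of new-device login verification for one account (hypothetical design)."""

    def __init__(self, password):
        self._pw = hashlib.sha256(password.encode()).digest()  # real services use a slow, salted hash
        self.verified = set()   # device ids that have already passed verification
        self.sms_outbox = []    # stands in for texts sent to the linked phone
        self._pending = {}      # device id -> (code, expiry time)
        self._recovery = None   # hash of the unused recovery code, if any

    def _password_ok(self, password):
        return hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self._pw)

    def start_login(self, device, password, now):
        if not self._password_ok(password):
            return "denied"
        if device in self.verified:
            return "ok"  # known device: password alone is enough
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[device] = (code, now + CODE_TTL)
        self.sms_outbox.append(code)
        return "code_required"

    def finish_login(self, device, code, now):
        expected, expires = self._pending.pop(device, ("", 0))  # one guess per code
        ok = bool(expected) and now <= expires and hmac.compare_digest(code.encode(), expected.encode())
        if ok:
            self.verified.add(device)
        return ok

    def issue_recovery_code(self):
        code = secrets.token_hex(8)
        self._recovery = hashlib.sha256(code.encode()).digest()  # keep only the hash
        return code

    def login_with_recovery(self, password, code):
        given = hashlib.sha256(code.encode()).digest()
        ok = (self._password_ok(password) and self._recovery is not None
              and hmac.compare_digest(given, self._recovery))
        if ok:
            self._recovery = None  # single use (assumption)
        return ok

    def forget_device(self, device):
        self.verified.discard(device)  # next login from it needs a fresh code
```

A stolen password on its own gets a thief only as far as `code_required`; the code itself goes to the phone, which is why the scheme is only as strong as control of that phone number.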
Here at Naked Security, we haven’t found many occasions to give Snapchat a pat on the back, but we’re happy with these additions for better security.
Snapchat should do everything it can to encourage people to use them.
Learn more about two-factor authentication
Two-factor authentication (or “2FA”) is not a foolproof defense against unauthorized account access – but we highly recommend turning it on wherever possible.
Sophos experts and Naked Security writers Paul Ducklin and Chester Wisniewski investigate 2FA in an episode of their popular (and award-winning) weekly podcast.
Chet and Duck explain the different types of 2FA, and they also look candidly at the downsides.
Image of Snapchat on mobile device courtesy of focal point / Shutterstock.com.