Signal secures all your conversations with end-to-end encryption, offering more privacy and security than your average chat app. But Signal offers some other useful security options. Here’s how to take advantage of them.
Enable Registration Lock to Protect Your Signal Account
Your Signal account is tied to your phone number, with no need for a password at all. When you first register for Signal (or re-register a device at a later stage), Signal will verify who you are by sending a code to your number. Enter the code to prove you are who you say you are and you’re good to go.
But what happens if someone gets access to your phone number? While this might seem like an unlikely eventuality, it’s within the realm of possibility. Someone could steal your smartphone’s SIM card or fool your phone service provider into transferring your number to a new SIM using social engineering techniques.
With access to your phone number, someone could gain access to your entire Signal account. They couldn’t see your old conversations—but they could impersonate you or receive messages that were only intended for you. Depending on what you use Signal for, this could be inconvenient, embarrassing, or utterly devastating.
Fortunately, you can enable Registration Lock within Signal so that any attempts at re-registering your phone number also require your PIN. It’s really important that you pick a memorable PIN in this case. It’s advisable not to write this down. If you must, be sure to store it somewhere secure, like inside a password manager.
To enable Registration Lock, launch Signal, then tap on your profile icon in the top-left corner of the screen. Choose Privacy, then enable Registration Lock and read the warning. Signal will advise you that if you get your PIN wrong when trying to re-register, you’ll be locked out of your account for a week.
Verify Who You Are Talking To
Unlike other messaging apps, Signal lets you verify who you are speaking to using a set of codes known as Safety Numbers. To see the Safety Numbers for a conversation, tap on the contact’s name at the top of a conversation and choose View Safety Number on the next screen.
The best way to verify that the person you are speaking to on Signal is the person they claim to be is by verifying their identity in person. Both people should open the corresponding conversation, tap on the other party’s name, then choose “View Safety Numbers.”
From here, you can compare the numbers that you see on your screen to verify that you are both taking part in the same conversation. Tap on the QR code to launch the camera to scan a partner’s number (or vice versa) to speed up the process. You can then mark the contact as verified using the button at the bottom of the screen.
This ensures that there’s no man-in-the-middle attack going on, too. You know you’re talking directly to a particular person.
If you can’t meet in person, the second-best way is to share numbers via another trusted platform. This could be an email address that only the other party has access to, another messaging app, or even a phone or video call. Remember that any interaction where you can’t see the other person carries some risk of them not being who they say they are.
For friends, family, and other casual associates, this may seem like overkill. For journalists looking to verify a source’s identity or prospective business partners discussing a top-secret deal, it can provide that added reassurance you need to chat in confidence.
Use Disappearing Messages to Avoid Leaving a Trail
Signal lets you send self-destructing messages that will delete themselves after a period of time of your choice. This is enabled on a per conversation basis and applies to all messages in the chat. As soon as a message has been seen, the self-destruct timer will begin.
To enable Disappearing Messages, launch Signal and tap on a conversation. Tap on your contact’s name at the top of the screen to reveal the chat settings. Enable Disappearing Messages, then drag the slider to set your desired interval. You can choose a time as low as five seconds and as long as a week.
This applies to messages you send and receive. Make sure you make a note of any important information or media stored in the chat before it disappears.
Bear in mind that the message recipient can always take a screenshot of the message—or take a photo of their device’s screen—before it vanishes.
Notifications May Breach Your Privacy
Depending on your smartphone of choice, your notifications may give away a lot of information about you. Many modern smartphones use facial recognition and fingerprint identification to quickly unlock your device. This allows your device to hide the contents of incoming notifications until your identity has been confirmed.
But this isn’t necessarily true of all devices, and some smartphone users will turn the setting off. Messages you receive could be sensitive. Fortunately, both the Android and iPhone versions of Signal allow you to obscure notification content as an app setting.
To hide notification content within Signal, launch the app, then tap on your profile icon in the top-left corner of the screen. From here, tap “Notifications,” followed by “Show” under Notification Content. On the next screen, you can make several choices:
- Name, Content, and Actions: This is the default setting, which hides nothing in notifications.
- Name Only: This hides the contents of the message but displays who it is from.
- No Name or Content: This hides everything, including the name and the message (recommended).
Lock the Signal App and Hide Content in the App Switcher
If you’d like an additional layer of security on top of a system-level passcode and biometric locks, consider locking the Signal app, too. When you do this, you’ll need to unlock both your device and the app whenever you want to use it. This is particularly useful if you want to hand someone your phone without worrying about whether they’ll get into your Signal account.
To lock Signal, launch the app and tap on your user icon in the top-left corner of the screen. Tap on Privacy, then enable Screen Lock and choose a suitable timeout duration. This is how long Signal will allow before requiring that you unlock the app again.
Once that’s enabled, Signal can be unlocked using the same method you would use to unlock your device at a system level. This uses your device passcode or biometric information like facial recognition and fingerprint identification.
While you’re in the Privacy menu, you might also want to enable Screen Security. This prevents any information from being displayed when you’re switching apps. As opposed to a thumbnail of the last conversation you had, you will now see a blue screen with the Signal logo instead.
Be aware that enabling Screen Security on Android will prevent you from taking screenshots of the app, too.
More Security Tweaks for iPhone Users
Signal for iPhone has two additional settings that you might want to disable for maximum privacy. The first is “Show Calls in Recents,” which allows calls made and received via Signal to appear in your iPhone’s main call list. This information is also uploaded to iCloud (if you are using it) and mirrored across devices.
The second is “Show in Suggestions,” which uses your Signal chats as suggested sharing locations when tapping the system-wide Share button. This could be useful if you use Signal first and foremost, but it will also reveal contact names outside of Signal.
If you’d like to turn either of these settings off, you can find them by launching Signal and tapping your user icon in the top-left corner of the screen followed by Privacy.
Remotely Sign out Linked Devices
You can connect up to five additional devices to Signal in addition to your main smartphone. If you’re using Signal for security purposes, we recommend keeping the app to just your smartphone. If you do link another device, you can sever ties with that login immediately from your main Signal device.
To do this, launch Signal and tap on your user icon in the top-left corner of the screen. Tap on “Linked Devices” and find the device you would like to remotely sign out, Swipe left, tap Unlink, then confirm your choice to complete the sign-out.
Want to Use Signal Anonymously? Register Another Number
Signal uses your phone number to identify you, which means that you never need a password. This is useful, but what do you do if you want to speak to someone without revealing your phone number?
The answer is to get another number and sign up with that secondary phone number. You can either grab a “virtual” number from a service like Google Voice, or you can get your hands on a “burner” SIM from a number that isn’t linked to your real identity. If you want to use both your existing phone number and an “anonymous” number, you will need two phones.
Take Precautions to Secure Your Smartphone, Too
If you don’t keep your main smartphone secure, you could be leaving yourself open to all sorts of problems. You can start by making sure that your device is up to date. To install any available updates on your operating system, do one of the following depending on your device:
- iPhone: Launch your iPhone’s Settings app, and navigate to General > Software Update.
- Android: Launch the Android System menu, and navigate to About phone > System updates.
In addition to this, make sure that your iPhone or Android device has a passcode and any relevant biometric authentication methods set up. If you are using your device without a passcode, you are effectively handing the keys to your email and other accounts to any would-be attackers.
Finally, make sure that you aren’t leaking information via software keyboards. On Android, you can launch Signal, tap on your user icon in the top-left corner, then navigate to Privacy > Incognito keyboard and enable the feature.
For iPhone or iPad users, this is done via the system’s Settings > General > Keyboard > Keyboards menu. If you haven’t installed any third-party keyboards, you don’t need to worry about this. If you have, you can either opt to use the stock keyboard while typing in Signal or make sure that “Allow Full Access” is disabled under keyboard settings.
Make Sure That Contacts Take Security Seriously, Too
If you’re using Signal to communicate privately, make sure that anyone you are conversing with is taking the same strict approach to privacy and security. Why not share this article with them?
Learn more about what makes Signal so great!