The secure instant messaging app Signal was released this week with a new feature called "Signal PINs," which the company says will help users migrate account data between devices.
Signal says that in the long run, this new feature is the basis and the first step towards moving away from using phone numbers as IDs.
The new Signal PIN profile feature is already live and available to everyone users of Signal. The feature can be enabled in the Signal section Settings, in unit Privacy and in the selection Signal PIN.
Once activated, users will be asked to create a PIN code that will be associated with their account. The PIN can be anything from a four-digit number to a long alphanumeric string.
The PIN code will be used to encrypt profile information, account settings and local contacts, and then download a copy of data on Signal's servers.
When users lose a device or want to move to a new phone, the signal PIN will allow them to easily relocate some of the profile data them on the new device.
The developers also clarified that the new PIN mechanism does not cover Signal conversations, which will not be created as backups on Signal's servers, which the company said it would not do.
The developers said that despite storing certain user data on their servers, they cannot access and view any of this data without knowing its PIN. user.
This also means that the PIN is not recoverable in case the user forgets it. To make sure users don't forget their PIN, h company said he intended to ask them users re-enter their PIN at regular intervals, which will become less frequent over time (12 hours, 1 day, 3 days, 7 days, 14 days).
In addition, Signal's team said the PIN could also be used to enforce a "registration lock" and prevent malicious threats from entering the victim's phone number into another device.
However, the registration lock is not permanent and expires after seven days of inactivity. Once the registration lock expires, the users they will be able to register their Signal account on a new device, even if they forget their PIN.
This registration lock period prevents intruders from invading Signal accounts actively used by them. holders but also avoids locking legitimate users from their accounts.
In a post on Tuesday, Signal said the new PIN mechanism is the basis for other features to be added in the future. More specifically, the PIN will allow the company to move away from using phone numbers as a user ID.
Even though the company has been praised for running one of the most secure instant messaging options known to date, it has also been repeatedly criticized for using phone numbers as "usernames", which in some cases can expose identities. of interlocutors if a device is found in the wrong hands.