Due to its popularity, the Facebook-owned app is also vulnerable to abuse. Cases of hijacked WhatsApp accounts have flourished throughout the year.(Shutterstock/Ink Drop)

With 2 billion users per month, WhatsApp is the most widely used chat platform in the world today. It is very easy to set up and use, only requires small space on the phone and is convenient for sharing various kinds of files.

However, due to its popularity, the Facebook-owned app is also vulnerable to abuse. Cases of hijacked WhatsApp accounts have flourished throughout the year. The most recent example was probably the case involving activist Ravio Patra, who claimed his WhatsApp account was taken over by an unknown hacker on April 22 and later used to broadcast a provocative message to several other accounts unbeknown to him.

Information technology security specialist Alfons Tanujaya said that the easiest way to give extra protection to your WhatsApp account was to use the “two-step verification” feature on the app.

“If you use the two-step verification [feature], technically it's already very safe from hijacking,” he recently told The Jakarta Post over text message.

To enable the feature, open WhatsApp and tap the three dots on the top of the screen. Then hit “Settings”, “Account” and then tap “Two-step verification”. Click “Enable” and then create a six-digit PIN.

Never share you six-digit WhatsApp code with anyone, not even your parents or your significant other. Furthermore, you also can add an email address to recover your account should you forget your PIN.

According to Alfons, to hijack a WhatsApp account protected by the two-step verification the hijacker has to rely on the account owner’s negligence.

“Therefore, even if our WhatsApp account has been hijacked, for example because we accidentally gave away our authorization PIN, the account won’t be able to be opened by the hijacker because they have to enter the six PIN numbers of the two-step verification,” he said.

Legally, the most authorized person to keep a WhatsApp account is the person who holds the SIM card with which the account is registered.

“If our WhatsApp account is hijacked but you still have the SIM card, you can simply uninstall and reinstall WhatsApp, then enter your phone number. WhatsApp will send an authorization code via SMS, which you can simply enter to access the app. Automatically, you will regain the account authorization and the account on the hijacker’s device will be logged out,” he said.

“That’s why it is important to keep hold of your SIM card. If you want to switch number, please make sure you migrate your WhatsApp to the new number and deactivate the old one,” he added.

Alfons said the “two-step verification” security system was technically impossible to penetrate by computerized technology.

“When you enter the wrong PIN, you have to wait five minutes before you enter another one. If you enter the wrong PIN for the second time you have to wait for 10 minutes. After the third wrong PIN you have to wait for 20 minutes,” he said. “Meanwhile the hijacker has to enter a six-digit PIN with total probability of one in a million.”

Besides enabling the six-digit PIN, you also can use biometrics to secure your account. Fingerprint and Face ID lock are effective in avoiding account hijacking.

To enable the feature, go to “Settings”, “Account” and then “Privacy”. Scroll to the bottommost of the list, and then tap “Fingerprint Lock” then enable the “Unlock with Fingerprint” option. Afterward, touch the fingerprint sensor on the phone to confirm your fingerprint.

On iPhone devices, you can use Touch or Face ID, depending on the device that you own. To enable the feature, open WhatsApp and follow similar steps except choose “Screen Lock” after “Privacy”. Here, enable the “Require Face ID” or “Require Touch ID” option.

Besides protecting your account from being taken over by unwanted parties, you also can prevent people from freely adding you to chat groups.

Chat groups are fun if you are in them with your closest buddies, and convenient for work coordination with colleagues. However, if you give your number to a salesperson, you might end up in several promotional groups.

To avoid being added to unwanted groups, go to “Settings”, “Account”, “Privacy”, “Groups” and then tap “Nobody”. (kes)