NCC recommends two-factor authentication to secure WhatsApp

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has recommended the Two-Factor Authentication (2FA) for WhatsApp users.

NCC’s Director of Public Affairs, Dr Reuben Muoka yesterday in a statement said this was to avoid falling victims to account takeover by hackers.

Muoka according to the News Agency of Nigeria (NAN) said NCC-CSIRT noted that WhatsApp, which is a meta-owned service is increasingly becoming a prime target for hackers and scammers who are always looking for ways to gain unauthorised access to users’ accounts.

He said that CSIRT described 2FA as an identity and access management security method that requires two forms of identification to access resources and data.

He quoted the advisory as saying: “In the world of messaging apps, one of the most popular and recognisable is WhatsApp.

“WhatsApp is 100 per cent free to use, has a great mobile app, and supports audio and video calls.

“Whether you rely on WhatsApp for all your messaging needs or just use it from time to time, it is recommended to set it up with (2FA).

“With this enabled, you will need to enter a custom PIN every time you log into WhatsApp from a new device, adding an extra layer of security to your account.

“The Team said, 2FA gives businesses or people the ability to monitor and help safeguard their most vulnerable information and networks.

“The 2FA is important because it prevents cybercriminals from stealing, destroying, or accessing your internal data records for their own use.”

Mouka said that the recommendation further states that, “WhatsApp provides two-factor authentication so you can further secure your account using a PIN.

“It is an optional feature that adds more security to your WhatsApp account, so it is recommended that everyone installs 2FA.”

He also said that the CSIRT stated ten steps for enabling 2FA on WhatsApp, which include: Open WhatsApp, tap settings, tap account, tap Two-Step Verification, tap enable,

Mouka said: “Enter the six-digit PIN you wish to use, tap next, then enter it a second time to confirm it, tap Next, add an email address for extra security and then tap next.’’

“For those concerned that their PIN might have been compromised or is easy to guess, they can change their WhatsApp PIN or email address by tapping settings.

“Two-Step Verification, tapping Change PIN or Change Email Address, Entering a new PIN or email address, and then tapping ‘next’ to effect the necessary changes.”

He said that the CSIRT telecom sector’s cyber security incidence center set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

He said CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.