Signal to move away from using phone numbers as user IDs

Signal launches profile PINs, the first step in supporting Signal user accounts that are not tied to phone numbers.


Secure instant messaging app Signal this week launched a new feature called "Signal PINs," which the company says will help users migrate account data between devices.

Signal says that in the long run, this new feature is the foundation and first step toward moving away from using phone numbers as profile IDs.

How Signal PINs work

The new Signal profile PIN feature is already live and available to all Signal users. It can be enabled in the Signal Settings section, under Privacy, via the Signal PIN option.


Once enabled, users will be asked to create a PIN that will be associated with their account. The PIN can be anything from a four-digit number to a long alphanumeric string.

The PIN will be used to encrypt profile information, account settings, and local contacts, and a copy of the encrypted data will then be uploaded to Signal's servers.

When users lose a device or want to move to a new phone, the Signal PIN will allow them to easily migrate some of their profile data to the new device.

Signal's developers also clarified that the new PIN mechanism does not cover Signal conversations, which will not be backed up on Signal's servers, something the company has always said it will not do.

The developers said that although some user data is stored on their servers, they cannot access or view any of it without knowing the user's PIN.

This also means the Signal PIN is unrecoverable if a user forgets it. To help users remember their PIN, the company said it plans to prompt them to re-enter it at regular intervals that grow less frequent over time (12 hours, 1 day, 3 days, 7 days, 14 days).

PIN can be used as a registration lock as well

In addition, the Signal team said the PIN can also be used to enforce a "registration lock," preventing attackers from registering a victim's phone number on another device.

However, the registration lock is not permanent and expires after seven days of inactivity. Once it expires, users will be able to register their Signal account on a new device even if they have forgotten their PIN.

This expiration period prevents attackers from hijacking Signal accounts that are actively used by their owners, while also avoiding locking legitimate users out of their own accounts.

Moving away from phone numbers as IDs

In a blog post on Tuesday, Signal said the new PIN mechanism is the foundation for other features that will be added in the future. More specifically, the Signal PIN will allow the company to move away from using phone numbers as user identifiers.

Although the company has been lauded for running one of the most secure instant messaging clients available today, Signal has also been criticized on multiple occasions for using phone numbers as "usernames," which in some situations, such as a seized device, can expose the identities of conversation partners.