zaro

How do you use a Signal safety number?

Published in Signal Security 3 mins read

You use a Signal safety number primarily to verify that your communication with a contact is secure and hasn't been intercepted by a man-in-the-middle attack. Here's a breakdown of how to use it:

Understanding Safety Numbers

Each Signal conversation has a unique safety number that's based on a cryptographic key exchange. The safety number itself is a short, human-readable representation of these cryptographic keys. If the safety number changes, it indicates that either you or your contact reinstalled Signal, switched devices, or, potentially, that a third party is intercepting your messages.

Steps to Verify a Safety Number

  1. Open the Conversation: Start by opening the conversation with the contact whose safety number you want to verify.

  2. Access Safety Number Information: Tap on the contact's name at the top of the conversation. This will take you to the conversation settings. Look for an option labeled "View Safety Number" or similar wording. Select this option.

  3. Compare Safety Numbers: You will now see your safety number and a QR code. There are two primary ways to verify it:

    • In-Person Verification:

      • Scan QR Code: If you and your contact are physically present, the easiest method is to scan the QR code. On your phone, press the "Scan code" option within the safety number screen. Use your camera to scan the QR code displayed on your contact's phone. If the codes match, Signal will confirm that your connection is verified.

    • Out-of-Band Verification (If you cannot meet in person):

      • Compare Manually: If you and your contact cannot meet in person, you'll need to manually compare the safety number. Read your safety number to your contact, and have them read their safety number to you. Verify that the numbers match exactly. Important: Do this through a separate, trusted communication channel (e.g., a phone call, a different secure messaging app you already trust). Do not send the safety number through Signal itself before you've verified it! If the numbers match using an independent, trusted channel, your connection is secure.

  4. Mark as Verified: After you've verified the safety number (either via QR code or manual comparison), you can mark the contact as "Verified" within Signal. This helps you keep track of the contacts you've confirmed are secure.

What Happens if Safety Numbers Don't Match?

If the safety numbers don't match, it means that something has changed. It could be:

  • Your contact reinstalled Signal or switched to a new phone.
  • You reinstalled Signal or switched to a new phone.
  • A potential man-in-the-middle attack (though this is less likely).

In this situation, it's best to contact your friend through another secure method and confirm that they are still using the same device or account. Ask them if they have recently reinstalled Signal or got a new phone. If they confirm they have not made these changes, it could be a sign of a security risk, and both of you should be careful about the information you share via Signal.

Summary

Using a Signal safety number is a crucial step to ensure secure communication. By comparing safety numbers through a trusted channel, you can have confidence that your messages are being delivered only to your intended recipient.

← Previous Article
What is Acromioplasty Surgery?
Next Article →
What is the Work of DPM?