1085 is related to this

My guess is that there really isn't anything that we can do about it. Sure, you can add in a password, but what happens when someone forgets it? Fall back to a second identifier like an email address or a landline? It repeats the same problem over and over again.

It's also important to note that account takeover isn't as bad in Signal's case as it is in Telegram.

• Signal does not store any message history on its servers (Telegram does).
• Signal always notifies if an identity key changes (Telegram doesn't use E2E crypto by default so this is not really applicable)
• Taking over an account still doesn't mean that the attacker can decrypt pending messages that were not yet delivered to the recipient/victim.
• This attack always will be highly targeted and easily detectable (and possibly outside the scope to which OWS would like to cater)

Thanks for the information Nicholas.

What happens when a second device is activated for a given user? Do they get notified?

As for passwords, that's a fair requirement. If you are concerned about someone forgetting it, maybe you can generate one-time "backup codes" that you can keep is a safe place and use in place of the password. Many 2-factor authentication systems have that.

Or maybe I can print my private key and use that for future authentication.

Anyway, having alternative ways of authentication can let us protect more users. It all depends on the threat model, so maybe those should be collected and clarified first.

@fortuna as nrizzio has pointed out, signal will always alert if a user uses a different identity, so there should be nothing a goverment agency can do. if they unlink and re-register, the account will have a new identity, and all contacts will notice.

Thanks but we're not going to do this, @nrizzio has a nice summary.

Now that even WhatsApp has it, Signal is the only major messenger not implementing it. Looks like the @nrizzio summary doesn't stop others from successfully implementing it for billions of users.

@moxie0 There is something i don't understand. Signal is against more options for power users. Reason for that is: _"The idea that some users "understand" concepts better than others has proven to be, for the most part, false"_. But at the same time it assumes people know what they must do with the safety numbers. There is a study, where it shows that even computer science students don't understand the basics of signal. I mean i understand the concept, and while it is true that we don't need 2 fac because of nrizzio's summary, u estimate that there are advanced users, wich understand the concept of safety numbers. Wich is definatly not the case. In some cases there are users that understand concepts better than other. Some cause they want some cause they need.

https://slashcrypto.org/data/when-signal-hits-the-fan-on-the-usability-and-security-of-state-of-the-art-secure-mobile-messaging.pdf

• Overall, 28 participants took part in our study (7 female,
  21 male), which lasted about 30-45 minutes. All of the
  participants were computer science students at the University
  of Vienna, the majority of whom were enrolled in an HCI
  course and recruited over that course. The only requirement
  for participation in the study was experience with the Android
  operating system. The students got a reward in the form of
  extra points for the HCI course.

• Our results showed that 21 of 28 participants failed to compare encryption keys to verify the identity of other users. _The majority of these users however believed
  they succeeded while in reality they failed._

The activity displaying the safety numbers was revised in #5646. This change to Signal was published after the study you mention. Now there are instructions how to verify those numbers.

How to verify safety numbers or keys or whatever you call them, is self explaining. Nobody in the study would have respond better with the new format. The people lack in interest for those things. "Safety number changed!" > "Ahh, my friend got a new phone or installed again"

I don't see why not to put another fence for protection.

Damn one time i freaked out when one of my buddies safety numbers changed. Searched him in his neigbourhood to ask him what happened, just to hear he switched phones.

I have an idea how we could put 3 things pretty well together: _encrypted backup_, _moving to another phone_ and _2Fac_. Let me put it together as a concept and you will see it is pretty nice. (2Fac could be optional, but tied to the encryption password wich can do an encrypted backup)

Users not understanding safety numbers is indeed a problem, but this is not related to 2factor authentication/protection against hostile carriers.

If you know a nice way to communicate the concept of an identity key (pair), what a identity key change means, and what the difference between encryption and authentication is, you should discuss this in a separate issue or the forum.

@Trolldemorted It is indeed not related, but here cited as a reason for not implementing it.

I do not understand the entire discussion, because I don't see any logical argument, to NOT implement a two-factor authentification.
While I understand, that Signal has a small team, and cannot compete with WhatsApp or other messengers in implementing features, it should really focus on security without making too many compromises.
So, if I miss a landscape mode (for people who hold their phones in landscape mode to write), this is annoying, but I can understand the situation: it is somewhere on a priority list...
When I miss a security feature, I have no understanding for this, because security is the right to exist, for Signal.
Now, nrizzio wrote, that you need an email address, in case you forgot the additional password or pin. Just look at the way, the second factor is implemented in other messengers, like WhatsApp. You CAN give an additional email, but you don't have to. So in case you are sure, that you will not forget the second factor password, you just leave it out. What happens then, if you do not give any additional password, and still forget the second factor pin? Then there is a blockade - you cannot verify WhatsApp again for 7 days.
This is in my opinion a good solution - if you wish more security, you chose a second factor and give no email. It is a little but important step.
The "verify safety numbers" is in my opinion not a great thing. First, it is optional. To make signal more secure, it should be mandatory. In addition, talking about Signal desktop, it was even off per default (at least last time I checked). But even if you make the verify safety numbers mandatory, most people will ignore it. Simply, because too many people have to (or just do?) re-install apps again and again, and so noone wonders, if this number changes.
A second factor, implemented similar to WhatsApp, will just bring a bit more security - isn' that worth to do it?

In my opinion, the entire Signal project makes only sense, if it is really focused to 100% on security. All other messengers make compromises, Signal should not.
Screen security - why an option? Make it mandatory.
Safety numbers - as said: better mandatory.

The main problem I have with Signal is, that just a very very people use it. And it becomes harder and harder, to convince people using Signal instead of WhatsApp. Just last week, I tried to convinced a friend. One day later, he wrote me: here, see, even the founder of Signal (@moxie) writes:
"We believe that WhatsApp remains a great choice for users concerned with the privacy of their message content."
Yes, I found it myself... and wonder: why do you write something like this?
Not only, that it stops people from switching to Signal, it is also - in my opinion - completely wrong! Because things like security and privacy are not restricted to encryption only, there are much more things important.
WhatsApp enables you to send an entire chat unencrypted as email to your googlemail address (just imagine a group chat with 10 people. How are the odds, that one fool sends everything to google afterwards?).
WhatsApp takes part on all backup solutions, like for example iCloud for iOS.
WhatsApp is not secure at all, and in my opinion no good solution for people concerned about privacy.

So, please make Signal to a security focused messenger, without compromises.

If you cannot type in landscape mode, you should open a seperate issue.

Making security numbers mandatory is not gonna work out. Users will learn which button makes signal shut up, and use it without thinking. What signal should do is encourage and "reward" verifying security numbers - 76c28cfa7a12b386ce5f62316247e843ceef3290 is a huge step into the right direction.

Mandatory screen security is terrible, i want to be able to make screenshots. It is my device and it has to do what i say.

And i still do not see how a second factor authentication should increase security.

@Trolldemorted
landscape mode: nah, I gave it up, this lacking feature (iOS app of Signal) is requested for years now....

Screen security: No, you misunderstood the feature. In the iOS app of Signal, you can activate screen security in the settings. If you activate it, YOU can still take screenshots, I also do it all the time. But the system can not take a screenshot, here from the explanation:
Enable Screen Security - When enabled, this shows a blue screen with the Signal logo if the iOS home button is double clicked and you are looking through your list of running apps.

Screen Security is obviously an important security feature, which does not let you lose anything, but the system will not take screenshots with decent information.

Second factor authentication:
Hrm. What don't you understand about it?
Without, someone who is able to redirect sms messages sent to you (police, your mobile provider, maybe a hacker...) could take his own device, install signal, give YOUR phone number, redirect the sms and register a signal account with your phone number.
When doing this for example while you sleep in the night or just do not work with signal right now, you will not realize it. Then, he can send messages to everyone, and they will think it is you, who writes. They will answer, maybe with confidential information, because they think talking to you.
In my opinion, a second factor is a MUST have for any system, that claims to be secure. And especially for all systems, who have sms (very unsecure!) as first factor.

Security numbers: If you do not want to have it mandatory, and if people (99% of all) really act as you describe, you can skip the entire feature. Then this is not improving security.....

Please move the discussion to the community forum for the sake of the contributors' email inboxes. Thanks.

@FrankStur if you are experiencing signal-ios only bugs, this is hardly the right place. Also don't expect ppl subscribing to Signal-Android's repo to know what screen security is supposed to be on iOS.

SFA:
First of all, if you ignore identity key changes, it is your own fault. Second, if you want the 2nd factor to be mandatory to re-register with a given phone number, then you will run into situation where the previous owner of your phone number used signal with SFA and you cannot register unless the owner of the email agrees.

But yeah, you should take questions and discussions to the subreddit or the forum.