Whatsapp offered two-step verification as a solution to strengthen account security from cyber hijackers. At first glance, it was similar to two-step verification offered by email service providers. But Whatsapp has ignored one significant difference between Whatsapp and email services.
Email service provider has ultimate control on user’s email addresses. The two-step verification allows users to safeguard their email from hijackers. Every email address is unique and no one else will own the same email address, ever. Most email service providers, like Gmail, Yahoo Mail, Hotmail, do not re-cycle the email address. When the user deactivates the email service, the email address will not be offered again. Whatsapp does not have any control on their user mobile numbers. The user’s mobile number is supplied by the user and its validity is controlled by the telecom companies. It is a nightmare when Whatsapp tries to apply two-step verification to safeguard account security. Soon or later, Whatsapp will realise its two-step verification is chaotic to manage and disaster waiting to happen.
Mobile numbers are ultimately controlled by telecom service providers around the world. People signed up mobile service at telecom companies and get their mobile numbers. When they cancel their service, they lose their mobile numbers. Telecom companies will then offer the mobile numbers to other people to use. The mobile numbers are re-cycled from time to time. Of course, some people use the same number for the rest of their life. However, there are significant number of people who change their mobile numbers from time to time.
If the ex-owners set up two-step verification for their Whatsapp and they do not voluntarily delete their Whatsapp service when they lose their mobile numbers, the new owners cannot to sign up the Whatsapp service even though they rightfully own their mobile numbers.
This may not be a problem at the moment. It may affect limited people now as most users have not enabled two-step verification. However, as the account hijack intensifies. More people enable the two-step verification. It would be a big problem a few years later. When more and more mobile numbers are re-cycled by the telecom, the new owners will not be able to sign up their Whatsapp service. There is no obvious solution to break the deadlock. Whatsapp is digging a big hole for itself. The same disaster will also strike WeChat and Line, which also have 2-step verification.