The latest Signal updates introduce an optional way to re-register your Signal account on a new phone or reinstall Signal on an existing phone. Instead of waiting for an SMS code to arrive (and sometimes having to switch to a different app in order to see it) the new process is faster and easier, and it's just as secure too. Here's how it works:
- Signal stores a token using the key-value data store on Android (if available), or the iCloud key-value store on iOS (if available).
- This token, when combined with your Signal PIN, can prove that you were the most-recent owner of a given phone number, which lets us skip sending an SMS code. In other words, the combination of the token and Signal PIN can replace the SMS code.
- The token itself does not provide any information about you or your account to anyone else, and it's only used for the purpose of enabling re-registration.
Note: If you cannot remember your Signal PIN, you can tap the “Skip” button in the top-right corner to go through the traditional SMS verification flow instead.
For those interested in a bit more information about the Signal PIN re-registration process:
- Tokens are immediately invalidated if you or someone else goes through the registration process (e.g. by completing SMS verification).
- They are also invalidated if you delete your account.
- Only the last token that successfully registered with that number is valid.
- The token is useless without knowing the correct Signal PIN.
- Registration Lock isn’t affected by any of these updates. You only need to enter your Signal PIN once.