If you’re a fan of the secure text messaging app Signal (and you should be), there are a few things you need to know about using it properly. From The Intercept:

Lock Down Your Phone

Common sense thing #1. There is no point to having a (more) secure texting app if your phone doesn’t even have a passcode on it. And I don’t mean a 4-digit PIN that matches your birthday or ATM pin, either. Use the full QWERY keyboard password option. Yeah, it’s less convenient. Security always is.

And for the love of all that’s holy, don’t use the Touch ID/fingerprint option. That’s just asking for trouble.

Hide Signal Messages on Your Lock Screen

If you’re worried about people seeing your private texts enough to use Signal, then it stands to reason that it’s pretty stupid to allow the content of your texts to show up on your locked phone screen. At the very least, make it so the content doesn’t show. If you’re truly security conscious, you may want to disable notifications on your lock screen completely.

Verify That You’re Talking to the Right Person

Makes sense, right? Man in the middle attacks, interceptions, taps, you name it and it’s happening. If you’re trying to talk to someone about something, somewhere, someone is trying to listen to it. Signal has identity verification for the people you’re talking to. Use it.

Archive/Delete Messages

Okay so you installed Signal, put a password on your phone, turned off notifications. You can text and text now, right? Sure…as long as you don’t leave the texts on your phone. Layered security is called that for a reason. If someone IS able to get into your phone, there should be nothing for them to find…at least in your Signal. When you’re done, archive it. Delete it. Get rid of it.

The original article has a how-to guide for all of the above. Go read it. And if you’re still using Wickr…..might want to think about that.

Clef two-factor authentication