July 21, 2022

Telegram security: how to protect your messenger account

Here’s what to do to make it harder to hack you.

Turn on two-factor authentication

You need two-factor authentication in any service, messenger or social network to secure authorization by separating it into different steps. With it, hacking one part will prevent intruders from accessing the other, and you will notice and prevent the login attempt if you are not related to it.

To enable two-factor authentication in Telegram, go to Settings. The item you want is called “Privacy” on Android or “Cloud Password” on iOS.


Open this section and set a password and email to receive it. Preferably, it should be complex and different from the ones you have used before. Importantly, it is better to remember it rather than write it down. Or keep it separate from other authorized information to better secure your account.

Telegram also has an option to set up a second authorization factor recovery via email. But if you also have access to email on your phone, the second factor becomes meaningless.

Check your active sessions

And don’t leave your information on someone else’s devices. If you need to sign in to your account from another computer or phone, remember to sign out and check later to make sure you’ve logged out. Open your settings, click “Devices,” and end any active sessions on devices that you no longer have access to or don’t recognize.

active sessions

Avoid social engineering

In simple terms, social engineering is when scammers try to get your data in a fraudulent way. They make duplicate sites, forms, write emails on behalf of banks, messengers and other organizations that you trust, and so on.

To avoid problems with leaking your confidential information:

  • do not open suspicious links and applications;
  • download only official messenger apps: Telegram for iOS and Android or Telegram X, which only works on Android;
  • after following a link, look carefully at the domain of the page in the address bar. In the case of Telegram, this is telegram.org, not, for example, telegram-tg.org or something similar.
  • do not enter your details or Telegram codes on third-party sites;
  • be careful to reply to messages from accounts not in your phone book;
  • check whether Telegram actually texts you when you receive such messages in the messenger.

Any Telegram administration account has this blue checkmark

Watch bots and their permissions carefully

A bot with misconfigured permissions can do a lot of harm to a channel or a group. For example, it may block users. To avoid problems, keep a close eye on the bots you add, and only give them the minimum rights you need.

In addition, it makes sense to prohibit the inclusion of you in groups and channels for everyone except your contacts. In this way, you will reduce the amount of spam and other unnecessary information in the messenger as much as possible.

bot rights

Hide your phone number

In messengers, it is possible to import contacts to check whether an account is registered to a specific number.

This feature is useful exactly until the moment when unscrupulous organizations start creating messenger user bases for various purposes, the most innocuous of which is marketing mailings.

To avoid finding yourself in such a database one day, hide your phone number in the privacy settings.

hode phone

Create a separate account for large groups and channels

It’s better to admin one or more popular groups or channels from a separate account.

It’s not only easier to keep your privacy, it’s also more convenient to keep work-related issues and personal correspondence separate.

Start your own Telegram store bot at telegr.store

© Alex Smirnov 2022