Set up 2FA
You need to set up two-factor authentication to protect your account against hijacking. The primary login method uses a one-time code sent by text, so Telegram lets you set a password as the second factor. In case someone manages to SIM swap you, Telegram will prompt them for a password in order to access your account, instead of just letting them in based on having access to the phone number.To do so, on the Privacy and Security tab, select Two-Step Verification (Telegram’s term for 2FA), and set a strong combination. You will rarely enter this password in, so make sure that you store it somewhere safe, like in a password manager, so you won’t forget it.The consequences of forgetting that password are stark. You’ll have to reset your account. In essence, that means submitting a request to remove your account completely, after which you will have to wait seven days. After a week, the account will be deleted (including associated contacts, cloud chats, and channel subscriptions), at which point you will be able to create a new, empty account using the same phone number.
Check active sessions
Telegram allows multi-device support, which means you can have the same Telegram account open on various devices at the same time. Over time, you may forget that you are logged in to some phone/laptop, and that can be misused. To make sure this doesn’t happen, view all devices where your Telegram account is logged in. To do this, go to Settings/ Privacy and Security/Active sessions.If you see any session that is still logged in that you want to be ended, simply click on that session and hit ‘Terminate’ to end it.