WhatsApp strengthens security measures with new authentication method

WhatsApp has announced the launch of a new authentication method to improve users’ account security using the digital credential, Passkeys.

Rhiannon Hastings, data protection paralegal in our commercial team, explains how Passkeys works and its benefits, as well as how this can impact your organisation.

What is Passkeys?

Passkeys enable users to log into their accounts using the device’s own authentication methods – typically the use of biometric data, for example, facial recognition and fingerprint scanner technology.

WhatsApp’s current method to protect users’ accounts is to generate a username and password. However, Passkeys provide users with additional options to log into their accounts without having to type a password.

Several companies already use Passkeys as a way to sign into their services, including TikTok, Paypal and Google.

Prior to implementation, Passkeys was tested by WhatsApp in its beta channel and, after a successful trial, it will be rolled out to Android users in the next few weeks and months.

WhatsApp has since reached out to Meta to roll out the use of Passkeys to iOS users, although Meta hasn’t come back to WhatsApp with a response as of yet.

How does Passkeys work?

With Passkeys, there is no username and password. Instead, users will have a ‘public key’ and a ‘private key’ (neither of which need be known to the user).

When a user sets up a Passkey, the user’s public key is shared to WhatsApp. When the user logs into WhatsApp, WhatsApp will ask the user’s device to confirm the user’s identity.

What are the benefits in using Passkeys as a new authentication method?

Passkeys will not require users to remember their passwords to log into their account. It also provides users with the confidence their passwords are unlikely to be stolen in a personal data breach or compromised by phishing.

In addition, it will also make logging back into accounts easier rather than inputting the user’s username and password details.

However, despite using Passkeys to protect users’ accounts, WhatsApp has highlighted users aren’t completely protected from ALL digital threats. It is important, particularly for users who don’t possess good password habits, to bear in mind personal data breaches and other security breaches are still possible.

What does this mean for you?

If you’re an organisation that uses WhatsApp as a tool to communicate for work purposes, we recommend you adopt Passkeys to ensure any personal data shared using the app will be protected from unauthorised access and other security breaches.

For more information on this and other data protection matters, please contact Rhiannon using [email protected].