WhatsApp rolls out Passkeys support on Android
WhatsApp announced the rollout of passkeys support in WhatsApp for Android on the official Twitter account earlier today. Passkeys is an upcoming security standard that promises improved authentication security.
Traditionally, users sign in on Internet sites and in apps with a username and password. While easily set up, anyone with access to the information may sign-in to the account.
Passkeys use a different system. They are generated on the user's device and only public information is shared with services on the Internet and with apps. Users may then sign-in using face, fingerprint or pins, or hardware keys.
The main advantage in regards to security is that it eliminates phishing attacks and the leaking of user passwords in server breaches.
WhatsApp, a Meta-owned company, published the following information on Twitter: "Android users can easily and securely log back in with passkeys ? only your face, finger print, or pin unlocks your WhatsApp account".
The new functionality is rolling out to all users, but it may take some time before everyone gets the option. WhatsApp users on Android may check support for passkeys in the following way:
- Open WhatsApp on the Android device.
- Select the three-dots menu and then Settings.
- Open Account.
A new Passkeys option should be visible as an option next to security notifications, two-step verification, change number and other entries. The user-generated passkey is stored locally in the Google Password Manager.
WhatsApp users may use the passkey to verify their identity using the selected authentication method, e.g., Pin or fingerprint. WhatsApp uses SMS to verify the identity currently. This method is insecure, as the code is submitted in plain text. Man-in-the-Middle attacks can exploit this weakness.
This feature adds another layer of security to the account. In particular, it prevents the unauthorized verification of an account, as the passkey is required to verify the identity.
