WhatsApp Passkey GuidePasskeys User Tips

WhatsApp Passkey Guide

Learn how to set up and use WhatsApp Passkeys for enhanced security and seamless authentication on iOS and Android devices.

Max Appel

Max

Created: September 11, 2024

Updated: September 11, 2024


Our mission is to make the Internet a safer place, and the new login standard passkeys provides a superior solution to achieve that. That's why we want to help you understand passkeys and its characteristics better.

1. Introduction: Understanding WhatsApp Passkeys#

Passkeys are the new standard of secure and user-friendly authentication. They replace traditional passwords with cryptographic keys, significantly enhancing both security and user experience. However, some questions of passkeys in regard to WhatsApp remain:

  • Why should you consider using passkeys for WhatsApp instead of traditional passwords or two-factor authentication methods?
  • What are the key benefits of passkeys, and how do they improve security for WhatsApp users?

In this guide, we’ll explore the advantages of using passkeys on WhatsApp and provide a step-by-step process for setting them up on both iOS and Android devices.

2. What Are Passkeys and Why They Matter for WhatsApp?#

Passkeys are a modern, secure alternative to traditional passwords, using cryptographic keys instead of memorized passwords. This shift to passkeys aligns with WhatsApp’s ongoing commitment to user privacy and security, enhancing both protection and convenience for its over 2 billion users.

Why WhatsApp Introduced Passkeys

  1. Improved Security and User Experience: Traditional methods like SMS-based verification and 2-step verification (2SV) codes can be cumbersome and insecure. Passkeys offer a streamlined login process using biometrics or device PINs, making it easier for users to access their accounts without repeatedly entering codes or scanning QR codes, particularly for those using WhatsApp on desktop versions.

  2. Mobile-First Strategy: Since most WhatsApp users access the app on mobile devices, rolling out passkeys aligns with this mobile-first usage. Over 95% of mobile devices are already equipped to use passkeys, providing a solid foundation for smooth integration and better user experience.

  3. Cost Efficiency: Moving away from SMS-based One-Time Passcodes (OTPs) helps WhatsApp cut down on costs associated with SMS verifications, which can run into millions of dollars annually. Passkeys offer a more secure and cost-effective alternative and have no transactional costs.

  4. Advanced Sync Management: WhatsApp allows users to choose where their passkeys are stored, such as in Google Password Manager or Samsung Pass. This option gives users greater flexibility and control over their security settings, making it easier to manage passkeys and synchronize them when switching devices.”

By adopting passkeys, WhatsApp not only enhances security but also reduces costs and simplifies the user experience. This move positions WhatsApp as a leader in secure messaging, with potential for broader application across Meta’s platforms like Facebook and Instagram.

Substack Icon

Subscribe to our Passkeys Substack for the latest news, insights and strategies.

Subscribe

3. Benefits of Using Passkeys for WhatsApp Authentication#

After announcing the introduction of passkeys for WhatsApp in October 2023 for Android and in April 2024 for iOS, the company provided limited details on how they can be used and the specific scenarios where they will be most beneficial. It appears that the full range of passkey features will be rolled out incrementally. However, users can expect to experience the following advantages of passkeys in the near term:

3.1 Simplified, Secure Logins Without Passwords#

With passkeys, WhatsApp users can log in using Face ID, Touch ID, or a device PIN, eliminating the need for memorizing complex passwords. This makes it easier to access accounts securely, especially when traveling or on the move, without the hassle of SMS verification codes, as mentioned in WhatsApp’s official announcement on social media.

3.3 Reduced Risk of SIM Swapping and Phishing Attacks#

WhatsApp has historically relied on SMS-based One-Time Passcodes (OTPs) for account verification. However, these are vulnerable to SIM-swapping attacks and phishing. By introducing passkeys that authenticate locally on the user’s device, WhatsApp significantly reduces these risks, providing a more secure and reliable method of authentication.

3.4 Seamless Multi-Device Experience#

WhatsApp is also leveraging passkeys to improve the multi-device experience. Instead of relying on QR code scans to sync across devices, passkeys enable seamless and secure login across platforms. This allows for a smoother transition when using WhatsApp on both mobile and desktop versions, without repeated manual verifications.

4. Requirements for Setting Up WhatsApp Passkeys on iOS and Android#

Passkeys provide an easy and secure way to log in to supported sites and applications without passwords by relying on Face ID or Touch ID to identify you. Your iOS device stores the passkey in the iCloud Keychain, therefore you must be running iOS 16 or later. For your Android device, you are required to at least have Android 9 (PIE).

Can I use passkeys with WhatsApp on my device?

PlatformRequired OS VersionRequired WhatsApp VersionOther Requirements
iOSiOS 16 or laterWhatsApp version 24.8.83 or later- iPhone 8 or later.
- enabled iCloud Keychain
AndroidAndroid 9 (Pie) or laterWhatsApp version 2.23.21.11 or later- Google account set up and linked with the mobile device
- Screen lock enabled on the device
- Password Manager set up (check in device settings under Passwords and Accounts)
- Latest version of Google Play Store (check for updates under Settings > Security & Privacy > System & Updates)
- Biometric authentication (Fingerprint or Face Unlock) or a secure PIN
Slack Icon

Become part of our Passkeys Community for updates and support.

Join

5. How to Enable WhatsApp Passkeys on iOS#

Setting up passkeys on WhatsApp for iOS is straightforward. Follow these steps:

Step-by-Step Guide for iOS:

  1. Update Your WhatsApp App: Ensure that your WhatsApp is updated to the latest version from the App Store.

  2. Enable Passkeys: Open WhatsApp and navigate to Settings > Account > Passkeys > Continue

  3. Set Up a Biometric Method: Choose your preferred biometric method (Face ID or Touch ID) or a device PIN.

iOS-implementation-1.jpg iOS-implementation-2.jpg

6. How to Enable WhatsApp Passkeys on Android#

Android users can also enjoy the convenience of passkeys for their WhatsApp authentication. Here’s how:

Step-by-Step Guide for Android:

  1. Update Your WhatsApp App: Make sure your WhatsApp is updated to the latest version from the Google Play Store.

  2. Enable Passkeys: Open WhatsApp and go to Settings > Account > Passkeys > Continue

  3. Choose Biometric Authentication: Select a biometric authentication method (Fingerprint or Face Unlock) or set a device PIN.

android-implementation-1.jpg android-implementation-2.jpg

7. How to Log In with Passkeys on WhatsApp#

Once passkeys are set up, logging in will be simple:

  1. Re-install WhatsApp on your device.
  2. Instead of having to use SMS-based One-Time Passcodes (OTPs) for account verification, use your configured biometric method (Face ID, Touch ID, Fingerprint) or PIN to authenticate your phone number.
  3. If set up correctly, the device will authenticate automatically, providing a secure, passwordless login experience.

8. How to Manage Passkeys in WhatsApp#

To manage your passkey in WhatsApp, simply go to Settings > Account > Passkeys, where you can delete the existing passkey or after deleting, create a new one.

manage-passkeys-whatsapp.jpg

9. WhatsApp Passkeys for Backups#

A new feature currently in development for WhatsApp passkeys is the encryption of backups using passkeys. Until now, WhatsApp backups could be secured either with a password or a 64-bit key. With the upcoming updates, users will soon have the option to encrypt their backups with passkeys, adding an extra layer of security. This functionality is already available to some Android beta users in the WhatsApp beta 2.24.18.13 version, allowing early adopters to experience this enhanced security measure firsthand. The feature is expected to be rolled out for all WhatsApp users in the coming weeks.

10. WhatsApp Passkeys FAQ#

10.1 What Happens if My Biometric Authentication Fails?#

If your biometric authentication fails (e.g., Face ID doesn’t recognize you), WhatsApp will fall back to your device PIN or password as a secondary method (fallback method).

10.2 Can I Use WhatsApp Passkeys on Multiple Devices?#

Yes, passkeys can be used across multiple devices as long as they meet the setup requirements and are synced via iCloud Keychain (iOS) or Google Password Manager / Samsung Pass (Android) or Third-Party Password Managers (e.g. 1Password, Dashlane, Bitwarden).

10.3 Are WhatsApp Passkeys Secure?#

Absolutely. Passkeys leverage public-key cryptography, making them significantly more secure than traditional passwords. They are also immune to phishing attacks since the authentication happens on the device, not on a server.

11. Conclusion: Enhancing Your WhatsApp Security with Passkeys#

Passkeys represent a great step forward in making WhatsApp more secure and user-friendly. By transitioning from traditional passwords and SMS-based verifications to a more secure, biometric-backed authentication method, WhatsApp is addressing both user convenience and advanced security needs. As more features, like encrypted backups with passkeys, become available, WhatsApp users can look forward to even greater control over their privacy and security. Setting up passkeys is easy, and the benefits - enhanced security, reduced risk of phishing, and a smoother login experience - make it well worth the effort.

Share this article


LinkedInTwitterFacebook

Enjoyed this read?

🤝 Join our Passkeys Community

Share passkeys implementation tips and get support to free the world from passwords.

🚀 Subscribe to Substack

Get the latest news, strategies, and insights about passkeys sent straight to your inbox.


We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour

Start for free