Now, WhatsApp users can securely log in to their accounts using their phone’s facial recognition or fingerprint scanner instead of typing a password.
WhatsApp users on Android can say goodbye to insecure and annoying SMS two-factor authentication. The Meta-owned company announced on X (formerly Twitter) that it’s rolling out support for a passwordless passkey feature to all Android users. The new security option allows WhatsApp users to use their device’s face, fingerprint, or pin security to unlock and access their accounts — following Google’s lead when it began prompting users last week to create passkeys.
Passkeys were previously being tested by WhatsApp in its beta channel, but it’s now coming to regular users of the app on Android. We reached out to Meta about iOS compatibility, and while there’s no word yet on support for WhatsApp passkeys on iPhones, Android support will roll out over the coming weeks and months.
With WhatsApp adding passkey support, it’s a small step on the road toward never having to memorize a password that could potentially be stolen in a data breach or compromised by phishing. That doesn’t mean WhatsApp’s 2 billion-plus users are completely protected from all digital threats, but it should help make things easier and more secure for both those who already have good password habits and those who still set their passwords to “12345.” (Strange, I’ve got the same combination on my luggage.)
What are passkeys?
Passkeys can replace traditional passwords with your device’s own authentication methods. That way, you can sign in to Gmail, PayPal, or iCloud just by activating Face ID on your iPhone, your Android phone’s fingerprint sensor, or with Windows Hello on a PC.
Built on WebAuthn (or Web Authentication) tech, two different keys are generated when you create a passkey: one stored by the website or service where your account is and a private key stored on the device you use to verify your identity.
Of course, if passkeys are stored on your device, what happens if it gets broken or lost? Since passkeys work across multiple devices, you may have a backup available. Many services that support passkeys will also reauthenticate to your phone number or email address or to a hardware security key if you have one.
Apple’s and Google’s password vaults already support passkeys, and so do password managers like 1Password and Dashlane. 1Password has also created an online directory listing services that allow users to sign in using a passkey.
