May 14, 2021

WhatsApp adds biometrics authentication requirement to link account to PC


Following a change in its privacy policy that caused an exodus to competing apps like Signal and Telegram, WhatsApp is adding a new layer of security to the process of linking an account to a computer. The Facebook-owned messaging service is now pushing an update that will allow users to take advantage of biometrics on their phone for authentication.

Any device compatible with its biometric authentication — be it fingerprint, face, or iris unlock — will be able to benefit from this security feature. There’s no support for conventional options like PIN, pattern, or password unlock. What’s worth noting is that the app will ask for biometrics only when you link the account to a computer for the first time.

WhatsApp is also being extremely cautious with its communications this time around and has already clarified that the company can’t access the biometric information stored by your device’s OS.

The new update doesn’t seem to be live yet but you should expect it to arrive in the coming days. The company also promises that it will be “adding a lot more functionality” to its desktop and web clients in 2021. This may be a reference to support for voice and video calls or multi-device login.

WhatsApp Messenger
WhatsApp Messenger

Security of Device Linking

While WhatsApp was first created for the mobile phone, today hundreds of millions of people around the world use WhatsApp on their computer via our desktop apps and WhatsApp Web.

This year we’re going to be adding a lot more functionality to our apps for Mac and Windows, as well as the Web. We want WhatsApp Web and desktop to be just as robust as our mobile apps so people can communicate privately and securely in whatever way is best for them, in their palms or on their computers.

Today we’re putting even more security into WhatsApp Web and desktop, adding an additional layer of protection when you want to link your WhatsApp account to your computer.

To do this, we’re taking advantage of face or fingerprint unlock where it is available on the mobile phone operating system. In order to link WhatsApp Web or Desktop to your WhatsApp account, you will now be asked to use your face or fingerprint unlock on your phone, before scanning a QR code from the phone to link your device.

This will limit the chance that a housemate or officemate (when we have those again) can link devices to your WhatsApp account without you. This builds on our existing security measures today, which pop up a notice in your phone whenever a Web/Desktop login occurs, and the ability to unlink devices from your phone at any time.

The face and fingerprint authentication takes place on your device in a privacy preserving manner – by design, WhatsApp cannot access the biometric information stored by your device’s operating system. 

The new security update for linking devices will be rolling out, alongside a visual redesign to the WhatsApp Web page on phones, to users with compatible devices over the coming weeks.

——

Additional background

  • In order to link WhatsApp Web, Desktop or Portal to your WhatsApp account, if you have enabled biometric authentication on your device, this update means that you will now be required to verify your identity using the face or fingerprint unlock on your phone.
  • Once you have verified your identity, you can set up WhatsApp Web as usual, by opening WhatsApp Web on the linked device’s browser and scanning a QR code from the phone.
  • By design, WhatsApp cannot access the biometric information stored by your device’s operating system. The authentication is conducted by the user’s device’s operating system (using the biometric identifier stored there), which tells WhatsApp whether the verification has been completed. This authentication process will only occur if the user has set up this feature on their device, which involves giving their consent to the processing of their biometric data by the company behind the operating system.
  • WhatsApp uses the same standard biometric authentication APIs that other secure apps – such as banking apps – use
  • This additional layer of security is enabled by default for all users who have enabled biometric authentication on their phones. As biometric authentication for WhatsApp Web is enabled by default on compatible handsets, there is no option to remove it, unless the user disables biometric authentication on their device.
  • The update also provides a visual refresh of the “WhatsApp Web” page on the Android and iOS apps, where users will see an updated design for more easily linking new devices and managing existing ones.
  • *Compatible devices are:
    • iPhone: all devices operating iOS 14 and above with Touch ID or Face ID (iPhone 5s onwards)
    • Android: any device compatible with Biometric Authentication (Face Unlock, Fingerprint Unlock or Iris Unlock)

Be the first to comment

Leave a Reply

Your email address will not be published.


*