Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
64,341
32,158


Meta-owned messaging platform WhatsApp today announced that it is rolling out support for passkeys on iOS, a feature that will let WhatsApp users log in to their accounts on iOS devices using Face ID, Touch ID, or their device passcode.

Whatsapp-Feature.jpg

Passkeys serve as a replacement for a traditional password, and because device authentication is required, passkeys put a stop to online attacks like phishing. With a passkey, there's no password to steal, and no one-time SMS or authentication code that can be intercepted.

Passkeys are also more convenient, because logins are done with a quick Face ID or Touch ID scan rather than a password. WhatsApp passkeys can be enabled by opening up the app settings, choosing the Account section, and tapping on "Passkeys."

Apple has supported passkeys since 2022, and they work on devices that run iOS 16 and later, iPadOS 16 and later, and macOS Ventura and later. Many companies have been implementing support for passkeys, including X (formerly Twitter), Google, TikTok, PayPal, Best Buy, Microsoft, PlayStation, and eBay.

Article Link: WhatsApp for iOS Gains Support for Passkeys
 
Last edited:
  • Like
Reactions: r4bBit/s

trip1ex

macrumors 68040
Jan 10, 2008
3,045
1,679
Human Google: what happens if I lose my phone or its stolen?

Google answers: I guess you're ok or so says Apple.
 
  • Like
Reactions: Disquette

coolfactor

macrumors 604
Jul 29, 2002
7,247
10,036
Vancouver, BC
Can't wait for iOS to adopt RCS and get rid of WhatsApp once and for all.

I can't see that happening. With RCS, are carriers still able to impose limits on file size? How about cross-device messaging? I know those of us that activate Messages in iCloud enjoy messaging on all of our devices, but is that something that WhatsApp users appreciate?

I want my RCS messages to be translucent purple!
 
  • Like
Reactions: haruhiko

springsup

macrumors 65816
Feb 14, 2013
1,237
1,230
I’ve been moving everything I can to passkeys (as a replacement for telephone number/authentication app-dependent 2FA). It’s good but there are still 2 issues to be aware of:

1. They’re not portable. You cannot sync passkeys between an iCloud Keychain, or a Google account, or 1Password, etc. The standard has no mechanism for it - keys are bound to the keychain software you use when you make them - although it’s apparently something they’re looking in to.

You’re not completely locked-in, though. Accounts can have multiple passkeys (e.g. an iCloud one, a Google one, 1Password one, etc), but it’s a hassle to set that up. Also, you can use one device to authenticate a login from another device (e.g. if you want to login to an account on an Android device, you can get a prompt and confirm it on your iPhone which has the passkey).

2. Currently, most places only offer passkeys in addition to passwords, which kind of defeats the point. AFAIK only Microsoft accounts let you disable password logins entirely.

I get that this is probably a transitional thing, but I wish more places offered it as an option now. GitHub says they’ll likely offer that within a year. Hopefully they do, and hopefully all the early adopters follow suit.
 
Last edited:

TwoBytes

macrumors 68040
Jun 2, 2008
3,121
2,071
I’ve been moving everything I can to passkeys (as a replacement for telephone number/authentication app-dependent 2FA). It’s good but there are still 2 issues to be aware of:

1. They’re not portable. You cannot sync passkeys between an iCloud Keychain, or a Google account, or 1Password, etc. The standard has no mechanism for it - keys are bound to the keychain software you use when you make them - although it’s apparently something they’re looking in to.

You’re not completely locked-in, though. Accounts can have multiple passkeys (e.g. an iCloud one, a Google one, 1Password one, etc), but it’s a hassle to set that up. Also, you can use one device to authenticate a login from another device (e.g. if you want to login to an account on an Android device, you can get a prompt and confirm it on your iPhone which has the passkey).

2. Currently, most places only offer passkeys in addition to passwords, which kind of defeats the point. AFAIK only Microsoft accounts let you disable password logins entirely.

I get that this is probably a transitional thing, but I wish more places offered it as an option now. GitHub says they’ll likely offer that within a year. Hopefully they do, and hopefully all the early adopters follow suit.

That's a helpful post with lots i've learned! A bit shocked about portability but I guess that's tied into your second point - they are not as popular and people still have issues with passwords right now. I'm sure once passkeys are more commonplace, there will be some sort of group come forward to create a standard.
 

Chux@20

macrumors newbie
Sep 17, 2020
23
32
And do carriers have any control over geographic location like they do with SMS? International texting is still a "paid add-on" in Canada for many carriers.

RCS allows text via Wi-Fi? So I’m guessing they won’t charge if sent over Wi-Fi ?
 

springsup

macrumors 65816
Feb 14, 2013
1,237
1,230
That's a helpful post with lots i've learned! A bit shocked about portability but I guess that's tied into your second point - they are not as popular and people still have issues with passwords right now. I'm sure once passkeys are more commonplace, there will be some sort of group come forward to create a standard.

It’s worth noting that if you use a cross-platform keychain such as 1Password, your passkeys can sync across platforms, because the keys are locked to the keychain platform, not a particular device.

So services such as 1Password, LastPass, etc have a bit of an edge here.

Of course, there’s always the chance Apple could launch iCloud Keychain on Linux and Android (it already exists on Windows)…
 

RandomTox

macrumors regular
Jan 17, 2007
184
441
In other words, let's collect more human metrics and use it for our questionable purpose. Next step would be a DNA authentication. The road to hell is paved with good intentions.
 

AstonSmith

macrumors member
Nov 2, 2016
98
86
UK
Perhaps a weird question, but what happens if you have two phones with the same iCloud login (with sync enabled), two phone numbers and two WhatsApp accounts? Does each account get its own passkey, or does it try to use one WhatsApp passkey for both accounts?
 
  • Like
Reactions: r4bBit/s

MilaM

macrumors 6502a
Nov 7, 2017
865
2,046
I was excited about Passkey when they were initially announced, but my enthusiasm has cooled down a bit. I will likely use them to secure my most important accounts eventually. Since my current password manager does not support them, I'm in no rush though. The way they work today, without a way to move them between password managers, I'm worried about vendor lock-in.

On iOS specifically it's also unfortunate, that you can only use them when iCloud Keychain is turned on. It should be at least possible to have device specific Passkeys without syncing enabled. This is a use-case specifically covered by the specs, but apparently Apple thinks it's too complicated to understand for most users.
 
  • Like
Reactions: icwhatudidthere

AiPone12mini

macrumors member
Nov 9, 2022
48
37
Tartu, Estonia, EU
Telergam is still most robust free calling and communication app and it is rare sight to see that it is written in native language not in bloated way like most of "lazy" written bloat apps with Electron and Nodejs sluggish horrors. Insane speed with PC and with Mobile apps. I try to keep away of closed source and bloated apps much as possible.
 

nStyle

macrumors 68000
Dec 6, 2009
1,507
1,059
I don't get it. They have to verify the phone number first. After that, how many times are you going to be logging in? Maybe on a new phone but that's going to be rare.
 

jasonsmith_88

macrumors regular
Jul 27, 2016
187
465
I don't get it. They have to verify the phone number first. After that, how many times are you going to be logging in? Maybe on a new phone but that's going to be rare.

I thought it was going to replace Two-Step Verification, but that doesn’t appear to be the case. It looks to purely be an alternative to receiving an SMS to authenticate.

Considering SMS authentication can’t be disabled, and the passkey can’t be used as a second factor, it provides zero additional security.

The fact it doesn’t replace 2FA is baffling. This is one of the key concepts of passkeys. Plus, WhatsApp is the only app in existence that constantly pesters me to confirm that I “remember” my PIN. In 2024 we shouldn’t be encouraging users to remember pins/passwords. This was bad practice 15 years ago. No, I don’t remember my PIN because it’s saved in my password manager. I know 2FA is enabled and I know where the PIN is. Give me the option to stop pestering me about it.
 
  • Like
Reactions: lozion and jgleigh

Justin Cymbal

macrumors 6502
Mar 25, 2008
478
2,689
Boston, Massachusetts
RCS allows text via Wi-Fi? So I’m guessing they won’t charge if sent over Wi-Fi ?
Standard SMS (green bubble texting) has worked over Wi-Fi for years now:


I keep my iPhone in airplane mode throughout the entire day and am still able to make and receive phone calls and send and receive standard SMS text messages with no issue

All you have to do is enable airplane mode and then connect to a Wi-Fi network and if you look in the top left-hand corner of your phone, it will say your network (followed by Wi-Fi) mine says T-Mobile Wi-Fi

For the iPhone X and later you have to open control center and then it will say your network (followed by Wi-Fi) in the top left
 
  • Like
Reactions: mrnoark
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.