WhatsApp to Add Support for Passkey-Encrypted Backups

[MacRumors]

WhatsApp this week announced that it is adding passkey-encrypted chat backups, allowing users to protect their stored messages using Touch ID or Face ID instead of a 64-digit key.

The feature extends the app's 2021 end-to-end encrypted backup system, which previously required users to create and save a lengthy key to restore chats. With passkeys, authentication uses each device's built-in authentication hardware like Touch ID or Face ID, meaning the private cryptographic key never leaves the phone. This makes backups both more secure and much easier to restore.

The rollout is set to be global and gradual over the coming weeks. Users can enable it via Settings → Chats → Chat backup → End-to-end encrypted backup once available. iCloud and Google Drive remain the storage destinations for iOS and Android, respectively. The move continues Meta's broader adoption of passkeys, which WhatsApp first supported for account logins in 2023.

Article Link: WhatsApp to Add Support for Passkey-Encrypted Backups

 

[Apple-achian]

Its safer to switch to iMessage and encourage family and friends to use Apple devices.

 

[EightyEight]

Safer, yes. But convincing family and friends to switch is very difficult.

 

[neptuna]

Its safer to switch to iMessage and encourage family and friends to use Apple devices.

Maybe switch to Signal instead. I love iMessage, but competition is healthy for consumers and everyone on Apple devices may end up biting us in the butt later.

 

[blizzerand]

Its safer to switch to iMessage and encourage family and friends to use Apple devices.

Where i am at, even if the family is on iPhone, whatsapp is the means of communication. It just works.

 

[klasma]

WhatsApp this week announced that it is adding passkey-encrypted chat backups, allowing users protect their stored messages using Touch ID or Face ID instead of a 64-digit key.

This is incorrect. The backups are always encrypted with a 64-digit key, and that key is always also stored in encrypted form on-device (in the secure enclave). It was always the case that if you forgot the password and/or the key, you could still decrypt the backup as long as you have the device that the key is stored on. Decrypting the key requires Face ID or Touch ID (or the device passcode I suppose). You only need the password and/or key to decrypt the backup on a different device. (If you reset your iPhone, that would count as a different device as well.)

If one chooses the option to use a password, the encrypted key is also stored in a Hardware Security Module hosted by Meta. This allows to still decrypt an encrypted backup from a different device using just the password. (Meta still won't get access to the decrypted key other than on-device.)

The new passkey option now is just a variant of the existing password option, with the difference that you don't have to take care of remembering the password (or saving it in a password manager), as passkeys are automatically stored in the iCloud keychain. (You may still have to take extra steps to synchronize them between iOS and Android.)

 

[klasma]

Safer, yes. But convincing family and friends to switch is very difficult.

In fact, depending on your family and friends, such attempts may negatively impact your personal safety.

 

[Tomboman]

I still have 2 questions about Passkeys - maybe someone can help?
- it is saved on the device - So what happens when the iPhone is stolen? On a new iPhone it wouldn't work since the backup was encrypted on a different device?
- When your device gets stolen and somehow gets your passcode - They just do a new face on FaceID, so would the passcode check be approved?
Thanks guys

 

[Love-hate 🍏 relationship]

Im still confused about passkey

I create a passkey with my face on iPhone 13 Pro.

Can I then login with my face , on a 17 ?

 

[stars_fan]

Its safer to switch to iMessage and encourage family and friends to use Apple devices.

It’s wild people still put that meta spyware trash on their phones

 

[klasma]

I still have 2 questions about Passkeys - maybe someone can help?
- it is saved on the device - So what happens when the iPhone is stolen? On a new iPhone it wouldn't work since the backup was encrypted on a different device?

Passkeys are stored in the iCloud keychain (if you use iCloud), so you can use them on any device connected to the same Apple account. The Face ID / Touch ID just serves to identify yourself as being allowed to use the passkey.

- When your device gets stolen and somehow gets your passcode

Knowing the device passcode is for all intents and purposes equivalent to having your face or fingerprint. Face ID / Touch ID are just conveniences so that you don’t have to enter a code, but they don’t replace the code, in that the code by itself also still works.

- They just do a new face on FaceID, so would the passcode check be approved?

The Apple ID password may also be required (not sure), but otherwise yes.

 

[klasma]

Im still confused about passkey

I create a passkey with my face on iPhone 13 Pro.

Can I then login with my face , on a 17 ?

Yes. The passkey isn’t actually connected to your face. But it’s stored in the iCloud keychain, and your face unlocks access to it on each device connected to your iCloud account and where you have set up Face ID, similar to how it unlocks access to Apple Pay and similar.

 

[JustSomebody12]

It’s wild people still put that meta spyware trash on their phones

Outside of the US Whatsapp is the default option.
Here most people with iPhones don’t even bother to activate iMessage, and most who do rarely, if ever, use it

 

[Tomboman]

Passkeys are stored in the iCloud keychain (if you use iCloud), so you can use them on any device connected to the same Apple account. The Face ID / Touch ID just serves to identify yourself as being allowed to use the passkey.


Knowing the device passcode is for all intents and purposes equivalent to having your face or fingerprint. Face ID / Touch ID are just conveniences so that you don’t have to enter a code, but they don’t replace the code, in that the code by itself also still works.


The Apple ID password may also be required (not sure), but otherwise yes.

Thanks a lot helping me understand! I think I got it now

 

[ifxf]

It’s wild people still put that meta spyware trash on their phones

Well if Apple put iMessage on Android, it might be the world standard for messaging but they got greedy so Whatsapp is now the standard (excluding China with WeChat).

 

[SFjohn]

Hah, when I read the headline the first time I thought WhatsApp was rolling out support for adds… 😂

 

[whelmedjedi]

enough with these useless updates. when will they solve compressing problem on iphones while sending a screen video on whatsapp chat? They completely destroy the content. If you dont believe me, just record your screen and send to yourself via whatsapp chat.

 

[svish]

Good to see Passkey support. Expecting to see a quick rollout and at least by the end of the month, most users will be having access.