WhatsApp is adding another layer of security to its web app today, helping stop others from accessing your account when you’re not looking. In an update rolling out soon, WhatsApp will begin to require biometric authentication — such as a fingerprint or face ID — before you can use the service on your desktop.
Unlike Facebook Messenger and other services that work with a simple user name and password, WhatsApp accounts are tied to a phone number, so using the desktop app requires a connection to your mobile device.
This is done by scanning a QR code in the desktop app using your phone. But that won’t stop someone who has physical access to your phone — say, a mischievous coworker during non-corona times — from being able to link your phone to a desktop and accessing all your messages, unbeknownst to you.
The update naturally prevents this scenario from happening, much like how app stores and banking apps require biometric authentication before making a purchase. WhatsApp is using your device’s system authentication for this — no need to register a new fingerprint — but it’s not clear what happens if you aren’t using biometric authentication. Presumably, you’ll be asked to enter a pin or other security code; we’ve asked WhatsApp for clarification.
You can currently check which desktop devices are currently linked to your phone by going to the mobile app, hitting the menu button, and selecting “WhatsAppWeb.” But having that feature tucked away under a menu means you’re unlikely to notice an unauthorized login unless you’re specifically looking for it. It’s better to just prevent this from happening in the first place.
The update is rolling out to Android and iOS devices “over the coming weeks.” It’s a small but welcome update; if WhatsApp needs you to have your phone in hand to scan a QR code in the first place, it might as well make sure it’s the right person making the connection. Of course, the app still has some other security problems to address….
Did you know we have a newsletter all about consumer tech? It’s called Plugged In – and you can subscribe to it right here.