Whatsapp has added an important security feature to make logging into your WhatsApp Web more secure. To those who don’t know: WhatsApp Web allows users of the chat app to send and receive text messages, images and documents through their web browser – allowing them to stay in touch without having to constantly reach into their pockets for their smartphone.
Previously, anyone with access to WhatsApp could log into WhatsApp Web using the chat app’s built-in QR code scanner on Android and iOS. However, with the latest update of the world’s most popular chat app with over 2 billion users, parent company Facebook has tightened security. After the update, WhatsApp users will have to confirm their identity using their phone’s built-in biometric authentication features, usually in the form of a fingerprint or face scanner.
As soon as WhatsApp is able to verify that it’s really you, it will unlock the QR scanner, which will allow anyone to bring their text messages into a web browser by visiting web.whatsapp.com.
Interestingly, this is not an optional new feature. Instead, WhatsApp enables this extra security step by default once you update to the latest software version on Android or iOS. In a way, this makes sense. After all, once you are logged into WhatsApp Web, it is possible to browse your entire chat history, search for specific word or name mentions, and download pictures and videos from your conversations. That’s a lot of personal data. So by verifying that it’s definitely you requesting access, WhatsApp should be able to stop pranksters and bad actors from accessing every message you’ve ever sent in WhatsApp in their Chrome, Safari or Microsoft Edge web browsers.
The latest update is likely to make a number of unofficial third-party WhatsApp clients, like those available for macOS, Windows and the iPad, more painful to use. That’s because these aren’t native apps designed for the platforms they run on. Since WhatsApp is tied to your phone number and SIM card, it’s not possible to be logged into multiple apps at once – like you can with Signal, iMessage, and Messenger. Instead, these apps are just wrappers that access WhatsApp Web, which requires your smartphone to be turned on in order to work.
Whether the new security feature will require users to constantly scan their fingertips and faces to stay logged into these unofficial WhatsApp apps remains to be seen.
As an added security measure, WhatsApp now sends a notification to your iPhone or Android chat app when someone logs into your account via WhatsApp Web or one of these computer apps (WhatsApp itself makes one of these WhatsApp Web wrappers, available for free from the Mac App Store). If someone you don’t know has logged into your account via WhatsApp Web, you can use the mobile apps in any web browser to log out with a single tap.
WhatsApp has issued a clarification saying that UK and European users will see no difference, while those living in other parts of the world can only expect to see data from conversations with businesses and corporate accounts within WhatsApp. These two use cases are entirely optional.
Unconfirmed statistics from third-party vendors monitoring the app store claim that millions of WhatsApp users have left the service in response to the new policy, which users must agree to in order to continue using the chat app. Secure messaging competitors, including Signal and Telegram, have both reported a surge of millions of new users in recent weeks.
Both are trying to capitalize on the fallout, with Signal adding a number of features that will be familiar to WhatsApp users in a major new update, while Telegram has announced plans to add an automatic contact import feature to its messaging app to allow for a seamless transition from competing apps.