In a move that underscores its commitment to user privacy, the messaging platform WhatsApp has rolled out a new feature allowing users to secure their chat backups using passkeys instead of traditional passwords. The update, available for both iOS and Android devices, enables users to encrypt their backups stored in iCloud or Google Drive by using biometrics (fingerprint, Face ID) or a simple screen lock code. Previously, WhatsApp required users to create and remember a cumbersome 64-digit encryption key or password to protect backups. With this change, the company says the same end-to-end encryption that covers live chats and calls now extends to backups, offering a more seamless and user-friendly security barrier. The rollout is gradual and is expected to expand globally over the coming weeks and months.
Sources: BitDefender, Gadgets360
Key Takeaways
– The shift to passkey-based encryption for backups simplifies the security model by eliminating the need for long passwords or 64-digit keys and instead relying on biometrics or device lock codes.
– Backups benefit from the same end-to-end encryption protections that live chats enjoy, meaning neither WhatsApp nor cloud storage providers can access the contents.
– The rollout is being phased in globally, so users may not see the option immediately; enabling it involves navigating to Settings → Chats → Chat Backup → End-to-End Encrypted Backup.
In-Depth
For years, WhatsApp has maintained one of the most widely used messaging platforms in the world, serving billions of users and handling massive volumes of chats daily. Security has long been a selling point: since 2016, WhatsApp has offered end-to-end encryption (E2EE) for messages and calls, meaning only the sender and the recipient can read them. But while live chats were encrypted, backups — stored on cloud services like Apple’s iCloud or Google Drive — posed a residual weak link. Previous versions allowed users to optionally enable encrypted backups, but this required them to generate and keep safe a 64-digit encryption key or create a complex password. Losing that key or forgetting the password could lead to permanent loss of access to the backup. The new feature marks a significant usability and security leap: using a passkey (a form of authentication based on cryptographic key-pairs tied to your device) replaces the old model. Under this system, the private key remains on your device, while a matching public key is held by the service — meaning your authentication cannot be phished or stolen in the same way a static password can. This aligns with a broader industry push toward passwordless authentication and stronger device-bound security.
For users, the practical upshot is clear: you no longer need to memorize a long string of characters. Instead, your fingerprint, Face ID, or your device’s screen lock can secure your backup. When you reinstall WhatsApp or switch devices, enabling the passkey encryption option ensures that only you — via your biometrics or screen lock — can access the backup. This reduces both cognitive load (no more “what was that 64-digit key I wrote down?”) and risk (no more passwords that can be guessed, phished or reused). From the consumer view, the update addresses two persistent pain points: first, backup encryption adoption was low because setting it up was awkward; second, the old model created too much risk of lock-out.
From a right-leaning vantage point, this is a sensible evolution—security through strong, device-based cryptography rather than cerebral burden on the user. Rather than forcing consumers into compliance with complicated protocols, WhatsApp is aligning ease-of-use with security, showing that tech firms can respect individual responsibility without drowning users in complexity or paternalism. It also reflects a pragmatic acknowledgement: individuals use multiple devices, switch phones, travel, and rely on backups for continuity. Encryption features must fit real-world workflow or they will be bypassed. By leveraging the device’s existing security (screen lock, biometrics) and offering it for backups, the company reduces friction while preserving choice: users can opt in or stick with the older method if they prefer, which aligns with a pro-freedom mindset.
Of course, no system is perfect. Biometric locks and device PINs are only as secure as the device itself. Users must keep their phones updated, avoid jailbreaking or sideloading apps that may compromise security, and continue to practice good digital hygiene. But the move addresses one of the more glaring weak spots in consumer encryption services: the cloud backup gateway. It’s a meaningful step toward making strong encryption broadly accessible rather than reserved for tech-savvy power users.
In sum: WhatsApp’s new passkey-encrypted backup feature is a timely upgrade for users who care about privacy without wanting to become security experts. It streamlines the process of securing your message history and aligns with a modern vision of passwordless authentication and personal responsibility. Users should check whether the option is available on their device, enable it through the backup settings, and rest a little easier knowing their chats are safeguarded with the same rigor used for live conversations.