Messaging service WhatsApp is launching passkey-encrypted chat backups for iOS and Android, allowing users to encrypt their stored message history using their face, fingerprint, or device screen-lock code.
Backups have long been a weak link in messaging-security. Even if chats and calls are encrypted in transit, stored backups may rely on a password or key that users must remember or manage. By adding passkey-encryption for backups, WhatsApp shifts more of the security burden onto the device and biometric/lock-code layer rather than a password the user must store themselves.
WhatsApp says the update will reach users over the next few months, making it easier to use the same security protections for backups that already safeguard chats and calls. To get started, go to Settings > Chats > Chat backup > End-to-end encrypted backup.
What are passkeys?
Passkeys are a passwordless authentication method based on industry standards such as FIDO2/WebAuthn. They replace passwords with cryptographic keys stored on the user’s device and protected by biometric or device-lock methods. According to recent research, 33% of Americans who use multi-factor authentication (MFA) have started using passkeys. The same study notes that passkeys were introduced only three years ago but are gaining traction.
What does this mean for users?
For WhatsApp users, this means that when the update arrives on their device they can choose to enable passkey-encrypted backups. Rather than relying on a user-chosen backup password (which can be forgotten or poorly protected) the device’s biometric or lock code becomes the gatekeeper. This simplifies the backup security model and reduces the risk of lost credentials or weak passwords being exploited.
How it fits into broader trends
The move by WhatsApp reflects a larger shift toward passwordless authentication. As research shows, passkey adoption is growing though uneven. At the same time digital scams and messaging-app-based phishing remain serious threats. Researchers found that three in ten people who experienced a cyberattack or scam said it began with a text message or a messaging-app. By making backup security stronger with passkeys, WhatsApp is aligning with a future where credentials are less likely to be the weakest point.
