WhatsApp is introducing a major security upgrade that will make it easier and safer for users to restore their end-to-end encrypted chat backups. The Meta-owned messaging app is reportedly rolling out passkey support, enabling users to unlock and restore encrypted backups using fingerprints, facial recognition, or device PINs instead of long passwords or 64-digit keys.
According to a report by TechCrunch, the feature is gradually being rolled out globally and will be available to all users in the coming weeks. The new capability builds upon WhatsApp’s existing encrypted backup system, which was launched in 2021 to secure user chat histories stored on Google Drive and iCloud.
WhatsApp’s new passkey protection
Passkeys serve as a modern alternative to passwords, allowing users to authenticate themselves with biometrics or device-level security methods. This eliminates the need to remember or manually enter complex passwords or keys when restoring encrypted backups. WhatsApp’s existing system relies on user-generated passwords or randomly generated 64-digit encryption keys. Losing access to those credentials could permanently lock users out of their backup data. The new passkey system aims to simplify this process while maintaining strong security protections.
How it works on Android devices
On Android, passkey authentication will be handled through Android’s built-in APIs and integrated password managers. This ensures a seamless and secure experience for users while switching devices or restoring chats. Authentication will be done using familiar methods such as fingerprint scanning, face recognition, or a screen lock code. Once verified, the system automatically decrypts the end-to-end encrypted backup without requiring manual entry of a password or 64-digit key. This approach also enables faster device transitions. If a user switches to a new Android device linked to the same password manager, they can instantly restore their encrypted backups without having to re-enter any credentials, ensuring a smoother setup experience.
Enhanced privacy and simplified recovery
Meta has confirmed that even with the passkey feature, neither WhatsApp nor the cloud storage providers will have access to the contents of the encrypted backups. The feature preserves the app’s commitment to end-to-end encryption, meaning that messages, media, and chat history remain accessible only to the user. The integration of passkeys strengthens the app’s multi-layered security infrastructure, which already includes two-step verification, device verification, disappearing messages, and encrypted media sharing.
What are passkeys
Passkeys are a next-generation authentication method designed to replace traditional passwords with a more secure and user-friendly system. Each passkey consists of two cryptographic components — one stored securely on the user’s device and the other stored on the service’s server. Even if a hacker compromises the server, they cannot access the account without the user’s physical device. This makes passkeys phishing-resistant and more secure than traditional password-based systems. Passkeys are already being adopted by major tech companies including Apple, Google, and Microsoft, and are increasingly becoming a standard for secure digital authentication.
Gradual rollout and availability
The report notes that the passkey backup restoration feature will be rolled out gradually over the next few weeks and months, starting with Android users. iOS support is expected to follow later. With this move, WhatsApp continues its effort to make account recovery and data protection simpler without compromising security. The rollout of passkeys also aligns with the growing global shift toward passwordless authentication, improving user experience while reducing risks associated with password theft and data breaches.