How to Enable 2FA & Passkeys for WhatsApp: Ultimate Security Checklist 2024

Imagine chatting with the fear of your WhatsApp account being hacked. It can be a very terrifying experience. The good news is that Whatsapp provides users with an opportunity to activate Two-Fator-Authentication and the recently introduced Passkeys. Let's dive into it.

Securing online communication is extremely important for individuals and businesses around the world. It is vital to ensure that your information and communication are not compromised by hackers, as this can result in significant losses for both individuals and companies. Let's delve into the significance of online communication.

Vulnerability of online communication

As we all know, WhatsApp is the number one instant messaging application world, in over 180 countries, using WhatsApp in 60 languages.WhatsApp holds sensitive information like messages, photos, and contacts, therefore securing it prevents unauthorized access and potential data breaches.

Unsecured accounts can expose private conversations and personal details to hackers or malicious actors compromising privacy and causing emotional distress.

2FA Passkeys as a significant change 

According to Microsoft two-factor authentication is an identity and access management security method that requires two forms of identification to access resources and data.2FA adds an extra layer of security by requiring a second verification factor, such as code or fingerprint.

One advantage of two-factor authentication is that it eliminates the need for passwords by relying on biometric or pin authentication.

Phishing immunity

You might be wondering whether it is even possible for hackers to bypass two-factor authentication, and the short answer is yes. However, not all multifactor authentications are easy to bypass. The most common one is the SIM swap method.

What is a sim swap? According to Avast, a SIM swap tricks your carrier into sending texts and calls to a scammer. One good example is when a Los Angeles man pleaded guilty to “sim swap” where he defrauded his victims to get access to their Instagram accounts and unlawfully obtained money.

It is therefore advised you stay vigilant and don’t share your One Time Password(OTP) with anybody not even your carrier.

Convenience and Enhanced security

Using a fingerprint or PIN is faster and more secure than remembering passwords which helps to improve user experience and overall security picture.

WhatsApp as a target

WhatsApp is a highly popular messaging application that is often targeted by hackers trying to gain unauthorized access to users' accounts.

Due to the personal and professional information stored on the platform, attackers find it an attractive target. Unfortunately, many users are not aware of the security risks or how to protect their WhatsApp accounts effectively.

The Enemy at the Gates: Unmasking WhatsApp Vulnerabilities 

The Silent Threat: Unwanted Login Attempts

Unauthorized access to your WhatsApp account can allow hackers to take control of it, giving them access to your messages, media, and contacts. They can even listen to your voice notes, which may contain sensitive, financial, or private information.

These hackers often demand ransomware to keep your information from being exposed, leaving you with the choice of either paying up or risking blackmail and extortion. This can be a deeply stressful and traumatizing experience.

One of the worst things that can happen to you is having your identity stolen by hackers who then impersonate you on WhatsApp.

They can send deceptive messages to your contact list, including your close family members, and borrow money from your friends.

This is because your WhatsApp account can be linked to WhatsApp Pay, a feature that allows users to send and receive money from other businesses. This can potentially damage your relationships and reputation.

Hackers find this an attractive target for financial gain, and the stolen accounts could also be used to make unauthorized payments.

Hacked WhatsApp accounts can be used as a springboard to attack other linked accounts like email, social media, or banking platforms which will further amplify potential damage and lead to wider security breaches.

Building Your WhatsApp Security Fortress

Enabling passkeys on Android: A Step-by-Step Guide

1. Open WhatsApp and head over to settings
2. Click on account
3. Create passkeys
4. Make sure to confirm the last four digits of your number as displayed and click continue
5. Create a passkey for WhatsApp using your fingerprint
6. Congratulations! You have created your passkey

Paskeys are replacements for passwords that are easier for one to sign in and one doesn’t need to remember his or her password. However it's important to note that passkeys for iPhones haven’t been rolled out yet, I will keep you posted when they start rolling out to iPhones 

Enabling Two-Factor-Authentication on Android

1. Open your WhatsApp account and click on "settings"
2. Tap on "account"
3. Tap "Two-step verification"
4. Tap turn on the below
5. Step up a 6-digit code that you can remember
6. Add your email, if you don’t want to add it you skip this step and you are done
7. After adding your a code will be sent to that email
8. Enter the code and you are done

Enabling  Two-Step Verification on iPhone

1. Launch WhatsApp on your iPhone 
2. Go to settings, tap the gear icon at the bottom right corner
3. Click on "accounts" within accounts
4. Tap "Two-Step verification" inside accounts
5. Tap enable on the "next" screen
6. Create a 6-digit code that you can remember and should be strong
7. Add you email(Optional)
8. A code will be sent to your email, add it and click next to complete the setup

You are now  good to go but remember to keep your 2FA pin safe and don’t share it with anyone if you ever forget your pin you can use the recovery email if it is added to receive a reset link

Advanced Security tactics: Blostering your Defenses

Enable end-to-end encryption

Importance

Whatsapp end-to-end encryption(E2RR) remains a crucial foundation for securing communication. In 2016 WhatsApp launched end-to-end encryption to allow users to protect their messaging backups on Google Drive and iCloud. Here is why end-to-end encryption is important.

End-to-end encryption is a security measure that can be compared to a digital vault. It uses unique keys to scramble messages, making them inaccessible to anyone except the sender and recipient.

This additional layer of protection complements other security measures such as 2FA and passkeys, as it secures the content itself and not just access to the account.

In 2024, privacy is more important than ever. End-to-end encryption is crucial in combating increased surveillance and data breaches. It shields conversations from the government, malicious actors, and even accidental data breaches on WhatsApp servers.

It empowers secure communication for everyone, from journalists and activists to ordinary citizens, protecting sensitive information and fostering trust in online interactions. This enables individuals to express themselves freely without fear of censorship or monitoring.

WhatsApp has a responsibility to protect sensitive information as it has 2.78 billion monthly users in 180 countries. End-to-end encryption safeguards this data from unauthorized access and misuse, which is essential in an age where transactions and data sharing are commonplace.

Finally, end-to-end encryption helps build trust and confidence in the platform. By making WhatsApp a more trustworthy communication platform, it promotes a sense of privacy and security, encouraging users to engage more openly and confidently.

How to Activate End-to-end Encryption on Android

1. Launch WhatsApp
2. Click the three dots at the top right corner
3. Click "Settings"
4. Select "chats"
5. Scroll down and select "chat backup"
6. Select "End-to-end encrypted backup"
7. Select "turn on" 

How to activate end-to-en encryption on iPhone

1. Open WhatsApp on your iPhone
2. Tap "settings" at the bottom right corner
3. Tap "chats" 
4. Select "chat backup"
5. Tap "end-to-end encrypted backup"
6. You can choose to create a strong password or use a 24-digit encryption key
7. Tap to "create"

Manage authorized devices 

On April 25, 2023, WhatsApp officially introduced a new feature that allows users to use the platform from up to four different devices. This was a highly requested feature among users, but it comes with a potential risk.

If your friend or partner links their device with your WhatsApp account, they may be able to access all of your messages, media, and voice notes from their device. However, you can always check and remove any linked devices that you don't recognize to ensure the security of your account.

Remove unauthorized devices from WhatsApp

1. Launch WhatsApp 
2. Tap the three dots at the top right corner
3. Tap “Linked devices”
4. Tap on the device you are not familiar with and click log

Beware of Suspicious links and Messages

WhatsApp has become the preferred platform for numerous scammers and hackers now use suspicious links and messages to manipulate their victims. It's crucial to avoid clicking on these links as they contain malware that can compromise not only your WhatsApp account but also your device.

These links are frequently embedded in messages, so it's best to exercise caution and avoid clicking on any suspicious links.

Conclusion

Chat with Confidence: Your WhatsApp is Now Impregnable

By following these steps, you can ensure the safety of your WhatsApp account and protect your private messages, media, and voice chats.

By implementing these security measures users can significantly fortify their WhatsApp accounts, protecting their private conversations and information from unauthorized access and potential exploitation by malicious actors.