So first of I’m required to use Whatsapp due to work, so I decided to try to make the best out of it.
Register with an prepaid sim card, enable passkeys etc etc.
I managed to get my Passkey all set up (Android). But now I’m a bit puzzled about what WhatsApp is actually doing with it. Typically, in other apps that use passkeys correctly, it’s used as a login credential without needing extra 2FA steps.
However, on WhatsApp, I still have to confirm my number through a call or SMS, which doesn’t seem to involve the Passkey at all. It’s left me wondering, what exactly is WhatsApp using the Passkey for?
I have tried it on a new device, but you will still need to get the SMS verifications, it doesn’t even prompt for any passkeys anywhere which is strange. I thought that was the whole point of the passkeys on Whatsapp, get rid of the insecure SMS verification process
Pin is enabled and whatsapp sometimes even asks it just in case if it is still you. Passkey is just one of the options to login. There is also email. And SMS.