WhatsApp ‘2fac’ isn’t what you’d expect

WhatsApp, the popular messaging system, has added a new security feature that’s being called ‘Two Factor Authentication’, but it’s NOT. Really, the new option is more annoying than helpful.

We’re not the only ones critical of WhatsApp and its lip-service attitude to security. The company adds security features, but too often they don’t meet the high expectations that customers have. WhatsApp keeps records of who you contact and when, despite a privacy statement worded to obscure that fact.

WhatsApp is extremely popular and can be used to transfer Office documents. The new feature, wrongly called ‘Two Factor Authentication’ by many media outlets, is of interest to us.

We strongly urge everyone to use two-factor authentication for their email accounts hosted by Microsoft, Google and others.  Organizing Outlook Email has step-by-step instructions on setting up and using ‘2Fac’ for your important online accounts.

Two Step Verification

The new feature is officially called Two Step Verification, a branding that, we suspect, is intended to confuse it with real two-factor authentication.

In your WhatsApp app, look under Settings | Account.

Click on the Two-step verification option to set up a six-digit passcode plus an email address linked to your WhatsApp account.

The passcode needs to be entered ‘occasionally’ when using or opening WhatsApp. It does not verify use of the app with an approval code from another device – which is what true two-factor authentication does.

So far, we’ve found the passcode to be more annoying than helpful. The passcode prompt appears too often on a single device which is already secured with a passcode/pattern of its own.

The WhatsApp web interface can stop working mysteriously. You have to open the linked device and enter the passcode to allow the browser version to proceed.