WhatsApp ‘2fac’ isn’t what you’d expect

WhatsApp, the popular messaging system, has added a new security feature that’s being called ‘Two Factor Authentication’ but it’s NOT.  Really the new option is more annoying than helpful.

We’re not the only ones critical of WhatsApp and it’s lip-service attitude to security.  The company adds security features but too often they don’t meet the high expectations that customers expect.  WhatsApp keeps records of when and who you are contacting, despite a privacy statement worded to obscure that fact.

WhatsApp is extremely popular and can be used to transfer Office documents. The new feature wrongly called ‘Two Factor Authentication’ by many media outlets is of interest to us.

We strongly urge everyone to use two-factor authentication for their email accounts hosted by Microsoft, Google and others.  Organizing Outlook Email has step-by-step instructions on setting up and using ‘2Fac’ for your important online accounts.

Two Step Verification

The new feature is officially called Two Step Verification.  A branding that, we suspect, is intended to confuse it with real two-factor authentication.

Windows 10 from people 'in the know'

A detailed and independent look at Windows 10, especially written for the many people who use Microsoft Office.

Fully up-to-date with coverage of the Anniversary 2016 major update of Windows 10.

This 670 page book shows you important features and details for all serious Windows 10 users.

In your WhatsApp app, look under Settings | Account.

Click on the Two-step verification option to setup a six digit passcode plus an email address linked to your WhatsApp account.

The passcode needs to be entered ‘occasionally’ when using or opening WhatsApp.  It does not verify use of the app with an approval code from another device  – which is what true two-factor authentication does.

So far, we’ve found the passcode to be more annoying than helpful.  The passcode prompt appears too often on a single device which is already secured with a passcode/pattern of it’s own.

The WhatsApp web interface can stop working mysteriously. You have to open the linked device and enter the passcode to allow the browser version to proceed.