The messaging platform now allows users to secure and access their backups using passkeys. This lets users secure their chat history using fingerprint, facial recognition, or screen lock code. 

Replacing the old method that required WhatsApp users to store a 64-character encryption key or recall a backup password, the passkey makes security become as effortless as unlocking your phone, a simple tap or glance is all it takes to protect or restore your chat history.

WhatsApp says users can now restore their chats seamlessly even after losing a device, without having to hunt for passwords or manually enter encryption keys. The system relies on biometric or device-level authentication, giving users a faster way to protect their data.

“Many of us carry years of precious memories in our WhatsApp chats – photos, heartfelt voice notes, and important conversations,” the company said. “That’s why protecting them if you ever lose your phone or need to transfer to a new device is so important.”

The passkey upgrade expands on the WhatsApp end-to-end encrypted backups introduced in 2021, reiterating the company’s focus on a password-free app.

It also builds on the platform’s earlier rollout of passkeys for account logins, making it clear that WhatsApp wants to make strong security simpler for everyone.

WhatsApp, which now serves over 3 billion users worldwide, said the new feature will roll out gradually over the next few weeks and months on both Android and iOS..

To activate the feature once available, users can open Settings > Chats > Chat Backup > End-to-End Encrypted Backup, then choose to secure their backups using a passkey.

In a statement published on Monday, the company made it clear that the panic resulted from misinformation. “Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue,” Google wrote. “This is entirely false.”

The confusion arose after multiple outlets reported that users had been advised to reset their passwords due to a large-scale compromise.

Many Gmail account holders were surprised, having never received any such notification. The figure of 2.5 billion suggested the warning should have reached everyone, yet it did not.

Behind the rumours lies a smaller incident that occurred in June. Hackers linked to groups such as ShinyHunters and Scattered Spider breached a Salesforce database Google uses to manage advertiser contacts.

The attackers gained entry through social engineering, posing as IT staff before deploying malware.

The data they accessed included business names, contact details, and CRM notes, but no Gmail passwords, emails, or private content. Those affected were notified directly by early August.

While the Salesforce breach did not expose Gmail itself, it triggered a surge in phishing and impersonation attacks. Fraudsters have been exploiting the stolen information to send fake support emails and even make phone calls, a tactic known as “vishing.”

According to Google’s Threat Intelligence Group, phishing and vishing now account for 37% of successful account takeovers across its platforms.

The company stressed that its defences are robust, blocking the vast majority of threats. “While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users,” Google explained in its blog post.

Google also used the opportunity to encourage stronger digital habits. It recommends adopting passkeys, biometric-based alternatives to traditional passwords, and staying alert for suspicious emails or calls.

Although last week’s reports led some users to reset their Gmail credentials in fear of a breach, cybersecurity experts point out that regularly updating passwords is still good practice. The bigger lesson is the importance of clarity, panic spread quickly because a blog about phishing trends was mistaken for a global warning about Gmail itself.

Currently, Gmail users are not under the sweeping threat that headlines suggested. The risk is phishing, not a collapsed wall of Google’s email security.

The new releases, ranging from innovative products to educational campaigns, are designed to make cybersecurity second nature for users, ensuring a safer online experience.

Pixel 8: Enhanced Security with Google Tensor G3

One of these unique updates is the Pixel 8, built with an advanced Tensor G3 chip and enhancing the phone’s resistance against cyber attacks. 

Collaborating with the Titan M2 security chip, Pixel 8 offers advanced security and privacy and the Face Unlock feature now meets the highest Android biometric standards, allowing secure usage for banking and payment applications like Google Wallet.

Passwordless Security: Introducing Passkeys

To enhance user experience and security, Google is introducing passkeys as the default sign-in method across personal Google Accounts. This passwordless approach provides a simpler and more secure way to access online sites, aligning with Google’s dedication to user safety.

Gmail Security Upgrades

Gmail, with its robust AI-powered defenses, already blocks over 99.9% of spam, phishing, and malware, filtering out 15 billion unwanted emails daily. New requirements for large senders have been implemented to create a safer and more user-friendly email environment for everyone.

Privacy Control Enhancements

Google is rolling out updates to privacy controls, offering users more ways to protect their personal information. Improvements to Chrome’s deletion tools on Android will allow users to delete the last 15 minutes of their browsing history, site data, and recent tabs swiftly. Additionally, Google is expanding its dark web report feature, making it accessible through the account menu in the Google App on Android, with iOS support coming soon.

Google App as Credential Provider for iOS Devices

Google is enabling users to utilize the Google App as their Autofill provider on iOS devices. This integration allows for secure and quick password filling into any app or website, enhancing convenience and security.

Educational Initiatives Beyond Google Products

In partnership with the Cybersecurity and Infrastructure Security Agency (CISA), Google is actively promoting cybersecurity education across the United States. As part of CISA’s Secure our World campaign, Google has launched a series of user-friendly videos offering practical tips on cybersecurity best practices. These initiatives aim to raise awareness about multifactor authentication, strong password usage, software updates, and recognizing online scams.

Google’s mission to enhance cybersecurity goes beyond its products, it also includes education and support for users to navigate the digital age securely.

These initiatives take us towards a safer online environment, emphasizing the importance of continuous cybersecurity awareness and proactive measures for all users.

This shift comes after extensive collaboration with industry leaders such as FIDO Alliance, Apple, and Microsoft.

Passkeys represent an approach to accessing apps and websites, offering a more secure and user-friendly alternative to passwords. Users can employ passkeys through biometric sensors like fingerprints or facial recognition, PINs, or patterns. 

Eliminating the need to remember intricate passwords, passkeys enhance both ease of use and security, liberating users from the common pitfalls associated with traditional login methods.

Phishing-Resistant Authentication

Unlike passwords, passkeys are resistant to online threats like phishing attempts, making them a robust solution for safeguarding user accounts. This resilience arises from the dual components of passkeys: one part resides on the app or website’s server, while the other is stored securely on the user’s device. This architecture ensures that even in the event of a server breach, unauthorized access remains nearly impossible without physical access to the user’s device.

Google has been at the forefront of advocating for passkeys as a secure alternative to passwords. Since its introduction, passkeys have gained widespread approval, with 64% of users finding them more convenient than traditional login methods. 

Google is actively encouraging all users to adopt passkeys as their primary sign-in option, emphasizing the significant time saved—passkey login is 40% faster than password-based login.

As passkeys become the default sign-in method for Google Account holders, the era of passwords may be drawing to a close. 

Simplifying authentication processes and enhancing security, passkeys represent a step towards a safer digital future.

So, the next time you sign in to your Google Account, expect to encounter prompts guiding you to create and use passkeys, ensuring your online experiences are secure, seamless, and hassle-free.