What the WhatsApp Business API Means for 2FA
WhatsApp is indisputably the most popular messaging app in the world now, with 1.5 billion users in 180 countries using the app to chat with friends, family, and now even businesses. The release of the WhatsApp Business solution is making waves in the communications world as companies scramble to build their business profiles and make themselves available to their customers on an app they already use and love.
There are a lot of reasons for businesses to be excited about the WhatsApp Business solution. Nexmo customers, for instance, have jumped at the opportunity to use our APIs to integrate WhatsApp messaging into their applications. Engaging customers through this rich messaging channel is certainly compelling, but let’s explore the often overlooked value of WhatsApp for two-factor authentication (2FA).
To most people, 2FA means SMS:
- You try to log in or register somewhere.
- The website sends you a text message with a one-time code.
- You check your phone to retrieve that code and verify your identity, completing the login process.
But 2FA isn’t always done via SMS. You have probably also received emails or voice calls to verify your identity. And now, with Nexmo, you can use WhatsApp Business solution to send 2FA notifications.
So what’s different about using WhatsApp for 2FA? Well, the entire point of 2FA is security. It requires a second proof of identity to ensure the person logging in is the person they claim to be. With the WhatsApp Business solution, users can feel extra secure since WhatsApp is end-to-end encrypted. Think of all the places you’ve used 2FA to gain access to important services. The list probably includes financial institutions, healthcare systems, government websites, and other systems where security and the ability to guard your identity is vitally important. So it’s no wonder the idea of end-to-end encryption in 2FA is so attractive. How Does 2FA with WhatsApp Work?
Essentially, 2FA works with WhatsApp in the same way as SMS. The user receives a WhatsApp message instead of an SMS; this is beneficial in a lot of situations where mobile carrier coverage is spotty. WhatsApp messages can be delivered over cellular data or wifi networks, which means travelers who don’t have global data coverage and people in areas with no coverage can still complete their 2FA registrations.
WhatsApp users will also appreciate receiving 2FA notifications on an app they already use often—not to mention the benefit of free messaging and the peace of mind from end-to-end encryption. Further, the business sending the 2FA notification doesn’t have to deal with multiple carriers nor ensure that their messages can be received on all applicable cellular networks–WhatsApp is global and universal.
And of course, Nexmo offers the option to failover to SMS–in other words, if your WhatsApp message isn’t delivered or read, after a certain amount of time, a backup message can be sent via SMS. This is a much more attractive prospect in markets where WhatsApp is preferred: the convenience of WhatsApp with good ol’ dependable SMS waiting to play backup as needed.
2FA with WhatsApp via Nexmo APIs
When you use Nexmo APIs to implement the WhatsApp Business solution, you have the power of both at your fingertips. Our APIs do all the work for you, from authentication management to message automation, spanning SMS, Voice, and now, WhatsApp.
The additional layer of security offered by WhatsApp means your 2FA is that much more reliable and safe for your users. And with our built-in failover systems, you can rest assured that when a WhatsApp verification message does not reach the user in a certain amount of time, a code will be sent via SMS. This means you never have to worry about failed messages or reaching users who no longer use WhatsApp. We’ve got you covered.