In an increasingly connected world, the value of typing on a full-size keyboard has made what you’re seeing above (WhatsApp Web) an indispensable tool for millions. One simple scan of a QR code sends your private chats from your cell phone to a computer screen, streamlining communication for work and personal life. That convenience comes at great personal and professional costs however: it can also pose significant, but often overlooked, privacy risks – especially when that computer is shared with family, colleagues or the general public.
How the WhatsApp Web Login Process Works
The way you log into WhatsApp is pretty simple on the surface, but it has a pretty deep foundation: go to web.whatsapp.com in your computer browser, open WhatsApp on your phone, click Linked Devices and scan the QR code. This pairs your phone—the quintessential command that connects you to the account—with your session in the browser. That fact is why your messages are not saved on the computer itself; they’re tied to your phone in real time the browser is just a display. It’s reasonably secure in theory, but there’s very little it can do if users aren’t careful.
The Primary Risk: Failure to Log Out
The fartsiest and obvious, by far, is that you forgot to log out. When you close the web browser or turn off the computer, the session isn’t necessarily terminated when you hit the X button. Which means that anyone who opens the browser in question, happens to have taken out the address bar and typed in WhatsApp Web into the search bar. To their credit, the new user of the computer doesn’t need a phone, so they can now access any and all of your messages including private photos, videos and sensitive documents without even needing your own phone around.
Browser Data and Saved Information
Apart from having existing session, browsers store data that can be a security risk. If you save the password for the WhatsApp Web site (albeit not for the account itself) that browser may auto-fill a few fields in the future. Other than that, the history of the browser will generally tell users that the page visited web. whatsapp. com, which is a warning that they might still have access to the account. Also, if the computer is infected with malware like a keylogger, then it may record what you do. This is not a bug directly in the WhatsApp.
The Threat of Malicious Intent
A hacker can be lurking on a shared computer either for no obvious reason or because they want to be. That is, you may end up with someone who is constantly running on your computer (I believe it’s just your colleague), and gets an instant screenshot of something that should be private to him. Or he may just left his window open just so he can easily look at your text messages, which he could do with only one click; or they may clone an active session onto another device, using the already open session on the shared computer as a bridge.
Best Practices for Secure Usage on Shared Machines
Fortunately, the safeguard against these risks can be accomplished by forming good digital hygiene habits. One of the easiest ways to avoid these risk is to log out. Always log out: This is the golden rule. You shouldn’t just close the tab. Do what makes you feel secure: click “three dots” in WhatsApp Web, and “Log out” when you’ve finished. With this method you literally seal off the connection between your phone and that computer, stopping everyone from resuming the session. One more bonus: you can check the linked devices of your phone from your phone every time they are connected. Simply go to Settings > Linked Devices in WhatsApp to find a list of every computer that has had a session. From there, you can log out of any device remotely and immediately cut off their access.
Leveraging WhatsApp’s Built-In Security Features
There are tools that help you increase the security of your account. The first one is by turning on two-step verification on your phone. It can do so much for you! When you log into WhatsApp again, you’ll need to enter a PIN, which prevents a person from easily hijacking your whole account if they could simply access your SMS messages. Although this not really prevented a login session on a browser, it did give it an enormous boost in terms of security. You can monitor how often other people are in your connected devices list and look for suspicious sessions and take advantage of them immediately.
Conclusion
WhatsApp Web is an excellent productivity tool, but using it on a shared computer entails caution and responsibility. In short, you might be exposed to what’s considered one of the biggest privacy risks in a forgotten WhatsApp web login session and may even reveal your most sensitive messages ever. As such the user’s responsibility comes first. So, if you keep yourself, your contacts and even your computers, particularly those that are synced up, in tighter control, you can have the benefit of typing on a larger screen without taking away from the privacy and end-to-end encryption of your chats in WhatsApp.
