WhatsApp is getting ready to toughen up security with two-step verification. The latest beta version of the app on Android includes the feature, and there’s no reason to believe it won’t make it to the stable version soon.
Basically, it adds a 6-digit passcode to your account as an extra security layer when setting up WhatsApp on a new device. WhatsApp normally requires you to confirm your phone number with a text message to that device, but the passcode helps add an extra layer of security to make sure it’s not an imposter.
On an existing account, you can go to your Settings, click on ‘Account’ and then ‘Two-step verification’ to begin the process.
While you won’t have to enter a password every time you open the app, WhatsApp says it will “periodically” ask you to re-enter your passcode. There’s no word on how often that really is, but my guess is that the app will ask you if you go an unusually long time without using the app.
There are some caveats to keep mind, however. According to WhatsApp’s own support documents:
If you have two-step verification enabled, your number will not be permitted to reverify on WhatsApp within 7 days of last using WhatsApp without your passcode. Thus, if you forget your own passcode, but did not provide an email to disable two-step verification, even you will not be permitted to reverify on WhatsApp within 7 days of last using WhatsApp.
After these 7 days, your number will be permitted to reverify on WhatsApp without your passcode, but you will lose all pending messages upon reverifying – they will be deleted. If your number is reverified on WhatsApp after 30 days of last using WhatsApp, and without your passcode, your account will be deleted and a new one will be created upon successfully reverifying.
Basically, you should really add an email address unless you want to be stuck without WhatsApp for a week next time you get a new phone. And make sure it’s correct, as for some reason WhatsApp does not bother to verify your email address to confirm it’s legit, though it asks you to input the email twice during the set up process.
Given the official support document, we expect the feature to roll out to all users soon. If you’re in a hurry for that extra layer of security though, you can just download the APK.