WhatsApp is actively developing a brand-new account password feature that will require users to enter an alphanumeric password during login, sitting on top of the existing verification code and optional two-step verification PIN.
This is not a minor tweak. It is one of the most significant authentication changes WhatsApp has attempted in years, and for over 2 billion active users worldwide, it could meaningfully change how safe your private conversations actually are.
Apple Is Secretly Building Three AI Wearables That Could Change How We Interact With Technology ForeverWhat the New WhatsApp Password Feature Actually Does
According to findings first reported by WABetaInfo, the feature was spotted inside WhatsApp beta for Android version 2.26.7.8. The account password is an alphanumeric string that users choose themselves inside app settings.
It must be between 6 and 20 characters long and must include at least one letter and one number. WhatsApp will also display a password strength indicator to help users make a stronger choice.
As BetaNews confirmed, the password will be required every time a user logs in or re-authenticates after entering their 6-digit SMS verification code. The login sequence will work like this: you enter the one-time verification code, and then WhatsApp asks for your account password.
If you also have two-step verification enabled, you will enter that PIN first, then the account password last. In other words, a potential attacker would need to compromise three separate credentials to get into your account.
Innovation Village explains the real-world threat this addresses. SIM-swap attacks, where criminals convince a mobile carrier to transfer your phone number to a SIM card they control, allow attackers to intercept that 6-digit verification code. With this new layer, even a successful SIM swap would leave an attacker completely locked out of the account.
Why WhatsApp Is Building This Now
The timing is not random. Cyber threats targeting messaging accounts have grown more sophisticated, and WhatsApp has been systematically layering security improvements. Innovation Village notes that in 2025, WhatsApp already introduced passkey-based end-to-end encrypted backups, protecting your chat history stored in iCloud or Google Drive using biometrics like fingerprints or face recognition.
It also rolled out Strict Account Settings, a high-protection mode designed for journalists, activists, and others at elevated risk of targeted cyber attacks.
As 9to5Mac reported, the Strict Account Settings feature, found in Privacy > Advanced on iOS, enables a bundle of extreme protections automatically, including blocking media from unknown senders, restricting calls, and locking account settings. WhatsApp's description in the interface is direct: it is intended for users who believe they are at risk of a cyber attack.
The new account password fits neatly into this broader strategy. Rather than replacing existing protections, it adds to them, creating a layered defense that mirrors how banking apps and enterprise software handle authentication today.
How It Compares to Existing WhatsApp Security Features
To understand why this matters, it helps to know what WhatsApp already offers. Every message, call, photo, and video is protected by end-to-end encryption using the Signal Protocol, meaning WhatsApp itself cannot read your conversations.
Two-step verification, which you enable via Settings > Account > Two-step Verification, adds a 6-digit PIN that activates during login alongside the standard SMS code. Chat Lock lets you protect individual conversations with biometrics or a separate passcode, storing them in a hidden folder that does not appear in your main chat list or notifications.
The account password is distinct from all of these. Unlike Chat Lock, which protects specific conversations on your device, the account password protects the account itself during registration and login, on any device. Unlike two-step verification, which uses a PIN, this is a proper alphanumeric password users choose freely, with complexity requirements enforced by the app. Together, these features create a security stack that is far more robust than what existed even 12 months ago.
Is the Feature Available Right Now?
Not yet for most users. WABetaInfo and BetaNews both confirm the feature remains under development and has not been released publicly. WhatsApp has not announced a release date or any formal beta rollout timeline.
Historically, features spotted in internal Android beta builds can take weeks to months before reaching the general public, and some are quietly shelved before launch. That said, the presence of this feature in beta builds indicates Meta is committed to moving it forward.
Innovation Village notes it will be entirely optional when it does arrive, consistent with WhatsApp's approach to two-step verification. Users who want the extra protection will be able to set, change, or remove their account password at any time.
What This Means for You and How to Prepare
Enable two-step verification now
Go to Settings > Account > Two-step Verification and set a 6-digit PIN. Add a backup email address so you can reset the PIN if you forget it. This alone dramatically reduces your exposure to SIM-swap attacks.
Turn on end-to-end encrypted backups
Go to Settings > Chats > Chat Backup > End-to-End Encrypted Backup and set a strong password or save the 64-digit key. Without this, your chat history sitting in Google Drive or iCloud is potentially readable by those services. WhatsApp cannot read it once encryption is on.
Never share your verification code.
WhatsApp will never contact you to ask for your 6-digit code. If anyone asks for it, that is a scam.
Consider Strict Account Settings if you are at higher risk
On iOS, navigate to Settings > Privacy > Advanced > Strict Account Settings. This bundles all advanced protections in a single toggle.
When the account password feature launches, make it a priority to set one. Use a unique password you do not use anywhere else, at least 8 characters, mixing letters and numbers as required.
The Bigger Picture: WhatsApp's Security Evolution
WhatsApp serves over 2 billion users, processing 100 billion messages every day. At that scale, even a fraction of a percent of compromised accounts represents tens of millions of people. The account password feature, modest as it may sound, addresses a genuine structural weakness: the reliance on a single SMS code as the primary account authentication mechanism. SMS is notoriously vulnerable to interception, redirection, and social engineering.
By requiring a user-chosen password that exists only in memory, WhatsApp moves toward a model closer to what security professionals have advocated for years: something you know, something you have, and something you are. The password adds the first factor in a more meaningful way than a PIN that WhatsApp prompts you for weekly to keep it fresh in your mind.
The broader message from Meta is clear. Security is no longer a checkbox. It is an evolving architecture, and each update, from passkey-encrypted backups to strict account modes to this new password layer, is part of a coherent effort to make one of the world's most used communication tools genuinely difficult to compromise.
Read More
- Samsung Galaxy S26 Ultra vs S25 Ultra: Every Real Upgrade You Need to Know
- Snapchat Rolls Out Arrival Notifications to Let Others Know You’ve Reached Your Destination
- OpenAI Unveils Codex MacOS App Redefining Agentic Coding for Modern Developers
- Galaxy S26 Ultra Introduces a Smart Privacy Screen That Keeps Your Display Secure