SIM swapping is a growing problem. It’s where someone convinces your carrier to transfer your phone number to a device they control, which then lets them intercept the SMS verification codes that apps like WhatsApp use to confirm your identity. It’s a nasty attack, and right now WhatsApp’s defenses against it are limited. That’s about to change, though. A new WhatsApp account password feature was spotted in the latest Android beta, and it adds a meaningful extra layer of protection.
According to WABetaInfo, who dug into WhatsApp beta for Android version 2.26.7.8, the feature lets users set an alphanumeric password directly from the app’s settings. The password needs to be between six and 20 characters long and must include at least one letter and one number. WhatsApp will also flag whether the password is strong enough. The feature is entirely optional, so nobody’s being forced into it.
Image credit – WABetaInfo
Here’s how it fits into the login flow. After entering the standard six-digit SMS verification code, WhatsApp will prompt for the account password. If you also have two-step verification enabled, you’d enter that PIN first, then the password. So at its fullest, you’re looking at three separate checks before anyone gets into your account.
Why this matters
Right now, getting past WhatsApp’s security mostly comes down to grabbing that six-digit code. Two-step verification helps, but not everyone has it turned on. This new password acts as a safety net either way. Even if a bad actor gets hold of your verification code, they’d still hit a wall without the password.
It’s worth noting the feature is still in development and hasn’t rolled out to beta testers yet. No release date has been confirmed. As with most things spotted in beta builds, it could change before it reaches the public. For now, the best thing you can do is make sure you’re already using WhatsApp’s existing security features while this one makes its way through testing.
