WhatsApp Is Ramping Up Its Security By Launching Two-Step Verification To All Users

WhatsApp is known for using end-to-end encryption (E2EE) from Open Whisper Systems.

But it has been lagging behind in adopting two-step verification, something that is already common on services like Google, Amazon and LinkedIn.

Facebook has it, and so does Instagram.

On February 9th, 2017, the messaging app followed the others and announced that it had started rolling out two-step verification for users on Android, iOS and Windows. The company had been working on it for months, initially releasing the feature in its beta version in November 2016.

Two-step verification adds another layer of security for those signing up to the app by requiring a secondary method of authentication to access it. For WhatsApp, the primary authentication comes from users using the app on their mobile devices; the second is a six-digit passcode that users create when enabling the feature.

To use the feature, users can go to Settings > Account > Two-step verification > Enable.

However, the feature is optional. It is up to each user whether to use it or not.

"Two-step verification is an optional feature that adds more security to your account. When you have two-step verification enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit passcode that you created using this feature."

When users opt in to WhatsApp's two-step verification, their phone number is verified using the passcode. Without the passcode, a user's phone number won't be permitted to reverify on WhatsApp within 7 days of last using WhatsApp. After 7 days, users will be permitted to reverify, but without the passcode all pending messages will be deleted upon reverifying.

And if a user's phone number is reverified on WhatsApp without the passcode after 30 days of last using WhatsApp, the account will be deleted. The user will only be permitted to create a new one upon successfully reverifying.

When the feature is turned on, users have the option to enter their email address. This allows WhatsApp to send a link via email to disable two-step verification if users ever forget their six-digit passcode.