It has been a little while coming, but WhatsApp is finally rolling out support for two-step verification to its messaging app.
The extra layer of security means that it is now more difficult to gain unauthorized access to an account, and it is a feature that is being made available to iOS, Android and Windows users. With the feature enabled, if you -- or anyone else, for that matter -- tries to verify your phone number on WhatsApp, you -- or they -- will have to provide the 6-digit passcode you create.
In addition to creating a passcode to secure your account, WhatsApp also lets you provide an email address which can be used to disable two-step verification. Oddly, WhatsApp has chosen not to run email addresses through any sort of confirmation or verification process, so the FAQ helpfully suggests: "We highly recommend you provide an accurate email address so that you're not locked out of your account if you forget your passcode."
If you want to secure your account, it's a very simple process. Head to Settings > Account > Two-step verification and flip the setting to Enable. Job done!
Something else worth noting also crops up in the FAQ:
If you have two-step verification enabled, your number will not be permitted to reverify on WhatsApp within 7 days of last using WhatsApp without your passcode. Thus, if you forget your own passcode, but did not provide an email to disable two-step verification, even you will not be permitted to reverify on WhatsApp within 7 days of last using WhatsApp. After these 7 days, your number will be permitted to reverify on WhatsApp without your passcode, but you will lose all pending messages upon reverifying -- they will be deleted. If your number is reverified on WhatsApp after 30 days of last using WhatsApp, and without your passcode, your account will be deleted and a new one will be created upon successfully reverifying.