Direct answer: To lock WhatsApp with a password and protect your chat history, you can use three native security features built directly into the application. The first is Biometric Screen Lock (Face ID/Touch ID on iPhone or Fingerprint Lock on Android), enabled via Settings > Privacy > Screen Lock. The second is Two-Step Verification (a customizable 6-digit PIN that secures your phone number against SIM swapping and remote hacking), configured under Settings > Account > Two-Step Verification. The third is Chat Lock, which hides and locks specific private conversations in a hidden folder accessible only via biometric scan or your custom device passcode. Combining these tools provides robust digital defense for your private communications.
| Security Feature | What It Protects in Practice | Where to Configure in the Settings Menu | Password/Credential Type |
|---|---|---|---|
| Biometric Screen Lock | Prevents physical access to the application when opened on your mobile screen. | Settings > Privacy > Screen Lock | Face ID, Touch ID, or the general system unlock passcode. |
| Two-Step Verification | Proteces your phone number against SIM swaps, clones, and remote hijacking. | Settings > Account > Two-Step Verification | A custom-defined 6-digit numeric PIN code. |
| Chat Lock (Individual Chats) | Hides specific conversations in a locked folder at the top of your list. | Open Chat > Tap Contact Name > Chat Lock | Device passcode, biometric verification, or a custom secret code. |
| System App Locks (iOS/Android) | Blocks application access using built-in operating system limits. | OS settings menus (Screen Time on iOS, App Lock on Android) | A secondary, independent passcode defined in phone settings. |
Why password-protecting your WhatsApp account is critical
WhatsApp is no longer just a casual text messaging app. Today, it stores a vast array of our personal and professional lives. Work-related negotiations, bank details, personal photographs, and identification files are frequently sent and stored within chat histories. If someone gains physical access to your unlocked smartphone, they can easily read all your private exchanges, steal your digital identity, and even message your friends to request fake bank transfers or loans.
Identity theft on messaging apps has risen dramatically, with bad actors utilizing sophisticated social engineering tactics. For instance, scammers may target public Wi-Fi networks to intercept unprotected mobile traffic, or use device-level vulnerabilities. Having an app-specific lock acts as a critical line of defense, ensuring that even if your mobile operating system is bypassed or your physical device is snatched while unlocked in public, your conversations remain strictly off-limits.
Beyond physical theft, remote account hijacking is an active cyber threat. Attackers use social engineering scams to steal SMS activation codes or deploy SIM-swapping techniques at carrier stores. Without an internal security layer active, hackers can register your number on a new device instantly, locking you out of your account. Setting up biometric locks and two-step verification PINs is your best defense against these attacks.
If you ever find yourself locked out of your account due to an intrusion, check our detailed troubleshooting guide on how to recover a hacked WhatsApp account to regain access. For cases where your profile was disabled due to automated spam reports, our guide on how to recover a banned WhatsApp account outlines how to contact Meta support to submit an appeal.
Method 1: Enabling Biometric Lock (Face ID or Touch ID)
Biometric locking is the most convenient local security measure for daily use. Every time you close WhatsApp and open it again, the application will require Face ID or Touch ID confirmation before revealing your chats. This stops anyone from browsing your messages if you hand them your unlocked phone.
When you use biometrics, the authentication process does not share your facial scan or fingerprint details with WhatsApp. Instead, the application communicates with the phone's native hardware processor (such as Apple's Secure Enclave or Android's Trusted Execution Environment). The processor handles the matching locally and simply sends a "success" or "failure" handshake back to WhatsApp. This ensures your biometric details remain fully private.
To enable the biometric lock on an iPhone:
- Open WhatsApp and tap Settings in the bottom right corner.
- Select Privacy.
- Scroll down to the bottom and tap Screen Lock.
- Toggle on the Require Face ID (or Require Touch ID) switch.
- Choose the auto-lock time limit. For optimal safety, select the Immediately option.
On Android devices, you can set this up by opening Privacy Settings and toggling on "Unlock with fingerprint." If your phone's camera or fingerprint reader suffers from physical damage, such as when Face ID not working errors occur after a drop, WhatsApp will automatically fall back to your system's PIN code to allow secure entry.
Troubleshooting common biometric scanning errors
Biometric scanners are highly reliable, but physical factors can cause them to fail. Touch ID fingerprint sensors often fail to read if your fingers are damp from sweat or washing, or excessively dry in cold weather. Clean the sensor plate with a soft cloth and register multiple fingers to improve success rates. For Face ID, wearing thick winter scarves or sunglasses that block the infrared sensor beam can prevent the TrueDepth camera from detecting eye direction. Ensure your face is clear of major obstructions and hold the device between 10 and 20 inches from your eyes.
Method 2: Configuring Two-Step Verification (Account PIN)
Unlike biometric lock which operates locally on your hardware, Two-Step Verification is a cloud-based security measure managed by WhatsApp's authentication servers. Once active, it requires you to enter a 6-digit PIN code whenever your phone number is registered on any new mobile device.
This setting acts as a shield against SIM swap attacks. Even if a fraudster manages to clone your SIM card and intercept your SMS verification code, they cannot access your chats because they do not know the 6-digit PIN that only you have created.
To set up Two-Step Verification:
- Open WhatsApp and go to Settings.
- Tap on Account and select Two-Step Verification.
- Tap Enable and type in a 6-digit numeric PIN of your choice. Do not use simple sequences like "123456" or your birth date.
- Confirm the PIN by entering it again.
- Enter a valid email address. This step is critical: if you forget your PIN in the future, WhatsApp will send a reset link to this email address. Without it, you could be locked out of your account permanently.
To help you remember your PIN, WhatsApp will occasionally prompt you to enter it when opening the app. This is normal and cannot be disabled while the feature is active. Never share this PIN with anyone, even if they claim to be from official support channels.
Method 3: Locking and Hiding Individual Conversations (Chat Lock)
If you don't want to lock the entire WhatsApp application but have sensitive chatsâsuch as personal conversations or confidential business dealsâyou want to keep away from prying eyes, use the Chat Lock feature.
When you lock a specific chat:
- The conversation is moved out of your main chat list into a hidden folder called "Locked Chats" at the top of your screen.
- This folder only appears when you pull down on the chat list and confirm your identity via Face ID or passcode.
- Notifications from locked chats will not display the sender's name or a preview of the message on your lock screen, ensuring total privacy.
To lock a chat, open the conversation, tap the contact or group name at the top of the screen, tap Chat Lock, and verify with your biometric scan or device passcode.
Advanced Chat Lock: Creating custom secret codes
To take your privacy a step further, WhatsApp allows you to hide the "Locked Chats" folder completely from your main screen using a custom secret code. Once configured, the folder will not appear at all when you swipe down. The only way to access your locked chats is to type your specific secret code directly into the main search bar of the chat screen. This code can contain letters, numbers, symbols, and even emojis, providing a hidden layer of security that no one else can detect.
How to set up a secondary password for WhatsApp using your phone's OS
Some users prefer to have a separate password for WhatsApp that is completely different from their phone's lock screen passcode. While WhatsApp uses your system credentials by default, you can create a custom lock using native iOS or Android features.
On iPhone (Using Screen Time Limits)
You can use the built-in Screen Time feature to set up a secondary 4-digit passcode for WhatsApp:
- Open Settings > Screen Time on your iPhone.
- Tap Use Screen Time Passcode and set up a unique 4-digit PIN.
- Go to App Limits and tap Add Limit.
- Select Social under categories and check WhatsApp.
- Set a daily time limit of 1 minute and tap Add.
Once you use WhatsApp for one minute each day, the app will lock. To continue using it, you must tap "Ask for More Time" and type in your unique 4-digit Screen Time passcode.
On Android (Using Private Folder or App Lock)
Most Android brands like Samsung and Xiaomi have built-in app locking systems:
- Samsung (Secure Folder): Allows you to install a second instance of WhatsApp inside an encrypted sandbox folder protected by a unique PIN or pattern password. You can customize the icon and name of this folder to make it look like a calculator or system utility.
- Xiaomi (App Lock): Under Settings > Apps > App Lock, you can choose a separate password to secure WhatsApp from unauthorized access. You can configure it to lock the app immediately after exiting, preventing quick re-entry by unauthorized users.
Emergency recovery when locks fail
If your Face ID hardware breaks or your fingerprint scanner becomes unresponsive, and you cannot remember your device's backup passcode, you might get locked out of your app. Under these conditions, the only way to regain access to WhatsApp is to uninstall and reinstall the application. This action clears the local cache lock. However, keep in mind that doing this will delete your local chat database. If you do not have an active backup saved in iCloud or Google Drive, your historical chats will be lost. To learn about database recovery, see our guide on how to recover WhatsApp messages without backup.
Advanced security practices for WhatsApp
Setting up passwords is just one part of keeping your account secure. Follow these general privacy habits:
- Never share SMS codes: WhatsApp support will never contact you asking for verification codes. If someone asks for a code, it is a scam.
- Maintain chat backups: Regularly back up your database to keep your data safe. If you lose chats before securing your account, check our guide on how to recover WhatsApp messages without backup.
- Monitor connected devices: Check the "Linked Devices" menu regularly and log out of any web browser sessions you do not recognize. If you have issues using the browser version, see our guide on what to do when WhatsApp Web not working is preventing connections.
Conclusion
Setting up passwords and locks on WhatsApp is a vital step in protecting your digital life. Whether you choose to enable biometric locks for daily privacy, configure Two-Step Verification to prevent SIM swap hijacking, or lock specific chats using Chat Lock, these options keep your private data safe. Combining these settings with secure browsing habits ensures you can use the app safely every day.
Frequently Asked Questions about WhatsApp Passwords (FAQ)
What should I do if I forget my WhatsApp Two-Step Verification PIN?
If you entered an email address during setup, you can tap "Forgot PIN" to send a reset link to your email. If you did not set up an email address, you must wait 7 days for the PIN to expire on the servers before you can register your account on the device again, though you may lose pending messages.
Does WhatsApp biometric lock work when my phone has no internet?
Yes. Biometric scans (Face ID or Fingerprints) are processed locally by your smartphone's secure hardware chip. The lock will function offline without requiring any Wi-Fi or cellular connection.
Can I create a WhatsApp password that is different from my phone's lock screen PIN?
By default, WhatsApp uses your device's system credentials for screen locks. To set an independent password, you must use system features like Secure Folder on Samsung devices or App Limits in iOS Screen Time settings.
If I lock WhatsApp with Face ID, will I still see message notifications?
Yes. Notifications will still appear on your system lock screen. However, you can change your phone's notification settings to hide previews so that the sender's name and message content are hidden until the app is unlocked.
Does the Two-Step Verification PIN expire?
No, the PIN remains active permanently. WhatsApp will periodically ask you to enter the code when you open the app to ensure you have not forgotten it.
Liked it? Share!
