WhatsApp is currently testing two major security and privacy updates: mandatory passkey authentication for linking new devices and the introduction of unique usernames. According to development reports, these features aim to move the platform away from its traditional reliance on phone numbers and simple QR code scanning, aligning the service with modern security standards used by competitors like Signal and Telegram.
How WhatsApp Passkeys Will Change Device Linking
Linking a new computer or tablet to a WhatsApp account currently requires only a QR code scan. While efficient, this process has been exploited in social engineering attacks where unauthorized parties gain access to accounts. To mitigate this risk, Meta is testing a requirement for passkeys in its Android beta versions.

Under the proposed system, a QR code scan will no longer be sufficient to authorize a new device. Users will be required to authenticate the session using their device’s built-in security, such as a fingerprint scan, facial recognition, or a PIN. By integrating passkeys—a technology that replaces traditional passwords with biometric or local device verification—Meta intends to add a robust layer of protection against unauthorized account access.
Will Usernames Finally Replace Phone Numbers?
WhatsApp is developing a username feature to allow users to connect without revealing their personal phone numbers. Historically, the phone number has been the singular identifier for a WhatsApp account, which often limits privacy in professional or public group settings. This update would bring WhatsApp closer to the functionality of platforms like Instagram and Telegram.
The implementation will follow specific guidelines to maintain order and security:
- Uniqueness: Each username will be unique to the account holder.
- Character Limits: Names will range from 3 to 35 characters.
- Allowed Formats: Supported characters include letters, numbers, underscores, and periods.
- Domain Restrictions: Formats that mimic internet domains, such as “.com,” are prohibited.
Meta has also indicated that a “Username Key” is in development. This additional layer would require a user to provide a specific key alongside the username to initiate contact, functioning as a gatekeeper against spam and unwanted messages.
Strategic Shift in Privacy Architecture
These developments reflect a broader shift in Meta’s strategy to prioritize user control. By moving away from phone numbers as the primary point of contact, the company addresses long-standing privacy concerns regarding the public exposure of personal mobile numbers in community groups or business interactions.
While competitors like Signal have long utilized username-based connectivity, WhatsApp’s adoption marks a significant evolution for the world’s most-used messaging platform. There is currently no official release date for these features, as they remain in the beta testing phase. Users can expect these tools to arrive in stages, beginning with beta testers before a wider public rollout.
Frequently Asked Questions
Will I still need a phone number to use WhatsApp?
Yes. Even with the introduction of usernames, the underlying account will remain tied to a phone number. Usernames serve as an additional layer of contact, not a total replacement for the registration process.
Can I change my username later?
While the full policy is still in development, Meta has indicated that usernames will be flexible, though they must remain unique to prevent confusion between accounts.
Are these features available now?
No. Both passkey requirements and usernames are currently being tested in development versions of the application and have not been released to the general public.
What are your thoughts on using usernames instead of phone numbers for messaging? Share your opinion in the comments below or subscribe to our newsletter for the latest updates on WhatsApp privacy features.
