This has nothing to do with Whatsapp and its use of encryption but is cause by its choice of username and validation method.
The attacker needs to know the phone number and be able to read SMS messages from the phone number. Even very weak methods like the typical security questions would make this much more difficult.
The attacker needs to know the phone number and be able to read SMS messages from the phone number. Even very weak methods like the typical security questions would make this much more difficult.