Instagram Adds New Two-Factor Authentication Methods After Recent Hacks

By Ava McKinneyOnline Safety

Instagram Introduces New Two-Factor Authentication Methods Following Recent Hacks

This summer, Instagram users reported a surge in account hacks, even among those who had enabled two-factor authentication (2FA) via SMS. It soon became clear that the issue stemmed from the overall insecurity of SMS-based 2FA. For example, in July 2018, Vice Motherboard journalists published an investigation showing that hackers frequently perform SIM card hijacking, allowing them to steal accounts and identities by the dozens or even hundreds.

It’s worth noting that as early as 2016, the U.S. National Institute of Standards and Technology (NIST) released a document stating that using SMS messages for two-factor authentication is “unacceptable” and “insecure.” Security experts have long echoed this sentiment, pointing out the many possible attack vectors. For instance, attackers can exploit vulnerabilities in the SS7 protocol to intercept messages, perform SIM swaps to reissue a victim’s SIM card in their own name, or even use malware to intercept SMS messages directly on the device.

Instagram’s developers have listened to expert advice and user complaints. They announced improvements to their two-factor authentication system, adding support for third-party authentication apps (such as Google Authenticator and DUO Mobile), which will be available this week. Users will be able to choose their preferred 2FA solution from Google Play or the App Store by enabling the corresponding option in their account settings.

New Features to Combat Bots and Fake Accounts

Additionally, to fight bots, fake celebrity accounts, and abuse, Instagram has introduced a new feature called “About this Account.” With this tool, users can view the history of another account, including its creation date, the country it’s associated with, username changes, and find profiles with overlapping follower bases.

Users can now also apply for account verification by submitting copies of their documents and providing their real name to Instagram’s operators. Verified accounts will receive a special checkmark badge.

Leave a Reply