With a billion monthly active users and immense cultural influence, it’s surprising that Instagram is only now rolling out a fairly standard modern security feature: support for two-factor authentication apps. Still, following the better-late-than-never mentality, the the roughly eight-year-old social platform announced the feature is now rolling out, giving its users a better way to secure their logins. Along with this much-anticipated change come new public info pages about large Instagram accounts, and an easily accessible verification request form.
Users everywhere should see support for third-party authenticator apps like 1Password, Google Authenticator, and DUO Mobile in the coming weeks. To try out the new two-factor authentication (2FA) option, users must head to Instagram’s settings, then choose “Two-Factor Authentication” and select “Authentication App” as their preferred form of authentication (the other, existing option being text message). Instagram will find the user’s authenticator app automatically if they already have one, or will be directed to download one, if not.
This change no doubt has security-minded users breathing a sigh of relief. While text message 2FA is better than nothing, it’s much less secure than using an authentication app. If you’re being targeted, there are many ways to intercept text messages, and if an attacker knows your phone number they might potentially be able to trick your carrier into porting your number to a new phone. There’s also the risk of someone walking off with a device of yours that has SMS synced to it, like a laptop. In contrast, an authentication app doesn’t rely on your carrier — the codes stay in the app, and expire quickly. Having said that, they’re not perfect either (security buffs suggest U2F Keys are the most secure option). Still, it’s a step in the right direction, and more than enough for most Instagram users.
Instagram’s other updates also relate to security — but largely in the sense of protecting the community from frauds and scammers. In the coming weeks the company is launching “About This Account” pages for Instagram accounts with large followings. Users will be able to tap the menu button on a profile and select About This Account to see when the account joined Instagram, the country where it’s located, accounts with shared followers, username changes in the last year, and any ads the account is running.
The benefit of this info is that users can now better evaluate the motives of a user, an important step toward lessening misinformation on the popular social platform. Additionally, Instagram has now added a “Request Verification” option in its settings, also in an attempt to reduce fraud and shutdown users that are trying to scam others with a fake identity.
All three changes mark positive improvements for the platform, but are slightly overdue — not an ideal situation to be in when hackers and scammers tend to be a proactive bunch. Thankfully, co-founder and CTO Mike Krieger has the right attitude, writing in a blog post accompanying the updates: “We know we have more work to do to keep bad actors off Instagram, and we are committed to continuing to build more tools to do just that.”