Instagram finally supports third-party authentication apps for greater account security

Turn it on.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Instagram finally supports third-party 2FA apps for greater account security

Instagram has entered the 21st century, and finally added support for third-party 2FA apps like Google Authenticator, Duo Mobile, and Authy.

Okay, maybe that’s a little unfair. The social network for selfie-lovers was rather late to the game adding support for SMS-based two-factor authentication last year, but at least they got there in the end.

The problem is that SMS-based 2FA is rather frowned upon these days, following a spate of so-called “SIM swap” attacks, where fraudsters manage to trick phone operators into giving them control of someone else’s phone number. When a supposedly secure online account sends its authentication token to the user’s phone number via SMS it ends up in the hands of a hacker.

Sign up to our free newsletter.
Security news, advice, and tips.

In my opinion, SMS-based 2FA is better than no 2FA at all. But it’s definitely not as trustworthy as implementations which allow users to get their entry token (normally a six digit number) from a dedicated authenticator app.

Instagram’s support for third-party authentication apps couldn’t come too soon, after a spate of high profile hacks of Instagram accounts earlier this month.

But now, Instagram has announced it is letting you choose to protect your account with two-factor authentication via an authentication app.

Instagram 2fa

To use a third-party app to log into your Instagram account, go to your profile, tap the menu icon, select “Settings” at the bottom and then choose “Two-Factor Authentication.” Select “Authentication App” as your preferred form of authentication. If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two-factor authentication will turn on automatically. If you don’t have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you’ve installed it, return to Instagram to continue setting up your two-factor authentication.

Support for third-party authenticator apps has begun to roll out and will be available to the global community in the coming weeks.

Do the sensible thing. Turn it on.

In other news, Instagram also announced that it is introducing “blue check” verification – which will help you confirm that you are following a genuine vacuous celebrity.

Read more about two-step verification:

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.