Instagram finally supports third-party authentication apps for greater account security

Turn it on.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Instagram finally supports third-party 2FA apps for greater account security

Instagram has entered the 21st century, and finally added support for third-party 2FA apps like Google Authenticator, Duo Mobile, and Authy.

Okay, maybe that’s a little unfair. The social network for selfie-lovers was rather late to the game adding support for SMS-based two-factor authentication last year, but at least they got there in the end.

The problem is that SMS-based 2FA is rather frowned upon these days, following a spate of so-called “SIM swap” attacks, where fraudsters manage to trick phone operators into giving them control of someone else’s phone number. When a supposedly secure online account sends its authentication token to the user’s phone number via SMS it ends up in the hands of a hacker.

Sign up to our free newsletter.
Security news, advice, and tips.

In my opinion, SMS-based 2FA is better than no 2FA at all. But it’s definitely not as trustworthy as implementations which allow users to get their entry token (normally a six digit number) from a dedicated authenticator app.

Instagram’s support for third-party authentication apps couldn’t come too soon, after a spate of high profile hacks of Instagram accounts earlier this month.

But now, Instagram has announced it is letting you choose to protect your account with two-factor authentication via an authentication app.

Instagram 2fa

To use a third-party app to log into your Instagram account, go to your profile, tap the menu icon, select “Settings” at the bottom and then choose “Two-Factor Authentication.” Select “Authentication App” as your preferred form of authentication. If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two-factor authentication will turn on automatically. If you don’t have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you’ve installed it, return to Instagram to continue setting up your two-factor authentication.

Support for third-party authenticator apps has begun to roll out and will be available to the global community in the coming weeks.

Do the sensible thing. Turn it on.

In other news, Instagram also announced that it is introducing “blue check” verification – which will help you confirm that you are following a genuine vacuous celebrity.

Read more about two-step verification:


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Instagram finally supports third-party authentication apps for greater account security”

  1. Anamika NP

    I want to use my boyfriend Instagram account but I don't know anything about her account like password, phone number. email id etc
    What can I do
    Please help me 🙏🙏

    1. Graham CluleyGraham Cluley · in reply to Anamika NP

      I understand your dilemma – you want to use your boyfriend's Instagram account, but don't know their password etc.

      Fortunately there is a simple answer.

      Just ask your boyfriend if you can use their Instagram account. Simple!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.