Instagram has entered the 21st century, and finally added support for third-party 2FA apps like Google Authenticator, Duo Mobile, and Authy.
Okay, maybe that’s a little unfair. The social network for selfie-lovers was rather late to the game adding support for SMS-based two-factor authentication last year, but at least they got there in the end.
The problem is that SMS-based 2FA is rather frowned upon these days, following a spate of so-called “SIM swap” attacks, where fraudsters manage to trick phone operators into giving them control of someone else’s phone number. When a supposedly secure online account sends its authentication token to the user’s phone number via SMS it ends up in the hands of a hacker.
In my opinion, SMS-based 2FA is better than no 2FA at all. But it’s definitely not as trustworthy as implementations which allow users to get their entry token (normally a six digit number) from a dedicated authenticator app.
Instagram’s support for third-party authentication apps couldn’t come too soon, after a spate of high profile hacks of Instagram accounts earlier this month.
But now, Instagram has announced it is letting you choose to protect your account with two-factor authentication via an authentication app.
To use a third-party app to log into your Instagram account, go to your profile, tap the menu icon, select “Settings” at the bottom and then choose “Two-Factor Authentication.” Select “Authentication App” as your preferred form of authentication. If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two-factor authentication will turn on automatically. If you don’t have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you’ve installed it, return to Instagram to continue setting up your two-factor authentication.
Support for third-party authenticator apps has begun to roll out and will be available to the global community in the coming weeks.
Do the sensible thing. Turn it on.
In other news, Instagram also announced that it is introducing “blue check” verification – which will help you confirm that you are following a genuine vacuous celebrity.
Read more about two-step verification:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
