Two-factor authentication, or just 2FA, is a simple but crucial step in preventing hackers from hijacking your account.
Instagram has enabled 2FA since March 2017. Later, the company announced that it was going to bolster the layer of security on September, by adding a non-SMS method.
And that finally came to realization.
2FA is a security feature that requires users to provide a piece of information other than their password, usually a temporary, randomly generated code, in order to login into their account. For SMS-based versions, 2FA will send users a text message with a code in order to log in. But security experts considered that non-SMS 2FA is more secure because it can’t be intercepted by bad actors using SIM hijacking method, for example.
This is because non-SMS 2FA doesn't send the code via text message, and instead uses third-party app, such as Authy or Google Authenticator.
To use this app-based method, users just need to open Instagram and navigate to its Settings menu. Select 'Privacy and Security', to then select 'Two-Factor Authentication'.
There users can see two toggle options: 'Text Message' and 'Authentication App'.
Choosing the latter will make Instagram to either detect existing authentication apps on the users' device, or invite them to download one (Google Authenticator by default), or allowing them to set up 2FA manually.
Initially, Instagram will ask users to authenticate the device they are using at the moment, but that won't be necessary if the devices have been included to the trusted devices once they have been authenticated.
Two-factor authentication method is a type of multi-factor authentication, which confirms users' claimed identities by using a combination of two different factors. In this case, it utilizes something that users know (password) and a second factor other than something they have or something they are.
SMS was once the desirable choice for 2FA because after all, most people own smartphones. The convenience allows users to quickly and "safely" login into their account.
However, since hackers have found ways to anticipate this SMS-based 2FA, the method is not anymore seen as the most secured way of 2FA. Therefore, security experts advise people to use authentication apps instead, and this in turn makes services to adopt the app-based method.
The approach offers one key advantage: it prevents the use of SIM hijacking campaigns to steer authentication text messages to another phone. Here, users have to be using a specific device to either answer a prompt or obtain the right code.
While this method doesn't make accounts bulletproof, but it could discourage most hackers from trying to break in.
Instagram's parent company Facebook has also enabled non-SMS two-factor authentication on its platform. Previously, Facebook required users to enter their phone number in order to activate two-factor authentication, but with the update, the social giant has streamlined the process by accepting apps like Duo Security and Google Authenticator.