Instagram launches app-based 2FA and other security tools

Image-sharing site moves away from SMS-based authentication

Instagram has launched a raft of new security measures, including new two-factor authentication (2FA) capabilities, as the popular photo and video-sharing site looks to create a “safe place” for its users.

Making the announcement in a blog post yesterday, Mike Krieger, chief technology officer and co-founder of Instagram, said users can now log in to their accounts using a third-party authentication app.

“This form of two-factor authentication makes it easier and safer for you to securely log into Instagram,” he explained.

“To use a third-party app to log into your Instagram account, go to your profile, tap the menu icon, select ‘Settings’ at the bottom and then choose ‘Two-Factor Authentication.’ Select ‘Authentication App’ as your preferred form of authentication.

“If you already have an authentication app installed, we will automatically find the app and send a login code to it.”

Third-party authenticators for Instagram will include services like Google Authenticator, Authy, and Duo Mobile.

The company previously supported an SMS-based 2FA and the recent changes reflect the social platform’s commitment to stop SIM hijacking.

Bots and bad actors

In addition to these new 2FA capabilities, Facebook-owned Instagram said its more than one billion users will now be able to check the authenticity of accounts through verification tools.

Accounts that reach large audiences and meet Instagram’s Terms of Service can apply to receive a blue badge to signify that the identity of the account holder is legitimate – a similar process to Twitter’s infamous ‘blue tick’.

“Keeping people with bad intentions off our platform is incredibly important to me,” said Krieger.

“That means trying to make sure the people you follow and the accounts you interact with are who they say they are, and stopping bad actors before they cause harm.”

Instagram’s decision to crack down on fake accounts follows similar moves made by its parent company Facebook in the wake of the Cambridge Analytica data scandal last March.

According to the social media company’s inaugural Community Standards Enforcement report, Facebook deleted 583 million fake accounts in the first quarter of 2018, most of which appeared to be linked to spammers rather than illicit activity such as terrorist propaganda or child pornography.