Connect with us

Hi, what are you looking for?


Identity & Access

Instagram Gets Two-Factor Authentication

Instagram, Facebook’s mobile photo-sharing and video sharing service, is finally getting a long requested security feature…two-factor authentication.

Instagram, Facebook’s mobile photo-sharing and video sharing service, is finally getting a long requested security feature…two-factor authentication.

The new security feature will provide users with better account protection, allowing them to verify a phone number to receive authentication codes via SMS messages. As a result, account logins would no longer rely solely on email address and password, which potential attackers could guess, phish or sniff through various methods.

For many, Instagram has become the social network of choice, especially since it is easily accessible from mobile devices through dedicated applications. Facebook, the five-year old service’s parent company, along with various other services out there, have had two-factor authentication as an extra security measure for several years, yet Instagram is late to the party.

Being somewhat exposed to attacks, Instagram accounts have become the targets of choice for many hackers, especially over the past year, when many major accounts got hacked. Unauthorized access to an account can have dire consequences, as it often results in in deleted photos and videos, a lot of spam on the feed, attacks on friends, and loss of followers. For a company, a successful attack could result in embarrassing brand damage.

It’s also worth mentioning that Instagram’s response time to hacked account submissions hasn’t been one of the fastest in the world either. According to Wolf Millionaire, users sometimes had to wait for up to three weeks before getting a response from Instagram and regaining access to their accounts.

The good news is that things are about to change for Instagram users, since two-factor authentication is coming to them, as Wolf Millionaire reported over a week ago, when the feature was in its early testing stages and still very buggy. Instagram has confirmed the test roll-out, yet it hasn’t made an official announcement on the matter as of now.

Apparently, Instagram has yet to nail down all bugs the feature still has, and the current roll-out is only part of a test phase. However, as soon as it appears to be stable, two-factor authentication should become available to all users interested in improving their security posture.

Even with two-factor authentication enabled, users won’t be fully protected against hacking attempts. Last month, Symantec discovered a piece of Android malware that could fool even voice call-based two-factor authorization (2FA), while researcher Sean Cassidy revealed a flaw in LastPass that could allow attackers steal email addresses, passwords, and even two-factor authentication codes.

Advertisement. Scroll to continue reading.

Related: Facebook, Researcher Quarrel Over Instagram Hack

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...


The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...