Instagram finally supports third-party authentication apps for greater account security

Turn it on.

Instagram finally supports third-party 2FA apps for greater account security

Instagram has entered the 21st century, and finally added support for third-party 2FA apps like Google Authenticator, Duo Mobile, and Authy.

Okay, maybe that’s a little unfair. The social network for selfie-lovers was rather late to the game adding support for SMS-based two-factor authentication last year, but at least they got there in the end.

The problem is that SMS-based 2FA is rather frowned upon these days, following a spate of so-called “SIM swap” attacks, where fraudsters manage to trick phone operators into giving them control of someone else’s phone number. When a supposedly secure online account sends its authentication token to the user’s phone number via SMS it ends up in the hands of a hacker.

In my opinion, SMS-based 2FA is better than no 2FA at all. But it’s definitely not as trustworthy as implementations which allow users to get their entry token (normally a six digit number) from a dedicated authenticator app.

Instagram’s support for third-party authentication apps couldn’t come too soon, after a spate of high profile hacks of Instagram accounts earlier this month.

But now, Instagram has announced it is letting you choose to protect your account with two-factor authentication via an authentication app.

Instagram 2fa

To use a third-party app to log into your Instagram account, go to your profile, tap the menu icon, select “Settings” at the bottom and then choose “Two-Factor Authentication.” Select “Authentication App” as your preferred form of authentication. If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two-factor authentication will turn on automatically. If you don’t have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you’ve installed it, return to Instagram to continue setting up your two-factor authentication.

Support for third-party authenticator apps has begun to roll out and will be available to the global community in the coming weeks.

Do the sensible thing. Turn it on.

In other news, Instagram also announced that it is introducing “blue check” verification - which will help you confirm that you are following a genuine vacuous celebrity.

Tags: , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.