How to Secure Your Instagram Account With Two-Factor Authentication

Discussion in 'iOS Blog Discussion' started by MacRumors, Oct 10, 2018 at 5:00 AM.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    With social media account hacking becoming increasingly more widespread, users would do well to make sure they're taking every security measure available to them. That goes doubly for frequenters of Facebook-owned Instagram, where account hijacking in particular is a recurring problem.

    One of the best ways to protect any online account is by using two-factor authentication (2FA). 2FA offers hardened security during login attempts by requesting that the user provides an extra piece of information only they would know, such as a randomly generated code from a third-party.

    Instagram has supported two-factor authentication for some time, but it was tied to a phone number and required users to receive text messages, which has proven to be insecure and left some Instagram users vulnerable to SIM hacking. Last week however, Instagram added non SMS-based two-factor authentication to the app with support for third-party authenticator apps.

    With 2FA enabled, you'll be the only person who can access your Instagram account from another device, regardless of whether someone learns your password as the result of a hack or a phishing scam, so it's well worth taking the time to enable the feature. This article shows you how. Note that you'll need to download an authenticator app to follow the steps below - we'll be using Google Authenticator, but Authy is another tried and tested option that works equally well.

    How to Protect Your Instagram Account With 2FA
    1. Launch the Instagram app on your iPhone and log in to your account if you aren't already.
      [​IMG]

      Tap your profile picture in the bottom right of the Instagram feed.
    2. On your profile page, tap the three-lined button at the top-right of the screen.
    3. Tap Settings at the bottom of the pop-out side menu.
      [​IMG]

      Tap Two-factor authentication, listed under privacy and security settings.
    4. Tap Get Started.
    5. Tap the Authenticator toggle.
    6. Tap Next.
    7. Tap Open in the prompt that says Instagram wants to open Google Authenticator.
      [​IMG]

      A prompt will appear in Authenticator asking if you want to add a token for your Instagram account. Tap Yes to confirm.
    8. Tap and hold on the Instagram token to copy the code to the clipboard.
    9. Return to Instagram and long press on the code entry field, then tap the Paste pop-up to enter the authenticator code.
    And that's it - 2FA is now enabled for your Instagram account. Note that once you've authenticated a trusted device in this way, you won't have to do it every time you launch the app, but your account will remain protected.

    Article Link: How to Secure Your Instagram Account With Two-Factor Authentication
     
  2. Jyby macrumors 6502

    Joined:
    May 31, 2011
    #2
    “How to secure your Instagram,” don’t use Instagram.
     
  3. orbital~debris macrumors 6502a

    orbital~debris

    Joined:
    Mar 3, 2004
    Location:
    England, UK, Europe
    #3
    Is there any way that using Google’s Authenticator app sets up a vector for Google to gain access to whatever account?
     
  4. Mac Fly (film) macrumors 65816

    Mac Fly (film)

    Joined:
    Feb 12, 2006
    Location:
    Ireland
    #4
    Facebook are raping all of your data and connections on Instagram (and Facebook... and trying their best on WhatsApp) ... I highly encourage everyone to consider deleting your account. Two-factor authentication is no protection against morally reprehensible Mark Zuckberg:

    Delete Account page.

    And don’t be tempted to save your data, once you decide to delete your account. They are desperate to keep your data.
     
  5. dantastic macrumors 6502a

    dantastic

    Joined:
    Jan 21, 2011
    #5
    2FA did little to protect my instagram account from being hacked. I was not even able to fully reclaim it. Only solution was to delete and I don't miss it one bit.
     
  6. thornslack macrumors 6502

    Joined:
    Nov 16, 2013
    #6
    Cause, you know.... Facebook would never misuse the phone number you provide.

    Oh wait they were already caught selling numbers provided for 2FA.
     
  7. makr macrumors regular

    Joined:
    Feb 16, 2016
    #7
    How did they hack your account with 2FA on?
     
  8. checker2010 macrumors member

    Joined:
    Sep 14, 2010
    #8
    Don’t listen to this guy. Hiding under a rock is no way to live your life.
     
  9. Jyby macrumors 6502

    Joined:
    May 31, 2011
    #9
    Yeah your phone number, mobile unique id, your browser fingerprint... It all links up to a profile that connects your data to the bulk intelligence store (for advertisement and consumer research)... This is how you can google your home address and see all your personal information... Why are there 30+ companies with the same info? Someone has created a standard for identifying people.. Just like insurance companies and doctors offices try to do when they get your social security number..
    --- Post Merged, Oct 10, 2018 at 10:17 AM ---
    I agree- but I also believe there's no reason companies should just hold onto personal data you want to let go. Or track you and try to manipulate you into buying or believing something... Because some machine learning/AI computer profiled you and your behavior.. Allowing people in control of that information to play games with your behavioral biology..

    I don't want to be behaviorally manipulated on purpose for capital gains of somebody else.. Thats immoral.
     
  10. velocityg4 macrumors 68040

    velocityg4

    Joined:
    Dec 19, 2004
    Location:
    Georgia
    #10
    If two factor is our future. I’d like it to be standardized and open source. So, it can be integrated into iOS and Android. Also something which can be used with third party providers. So we can integrate it with multiple devices, web browsers, plug ins, desktop apps, whatever we want. With the ability to add/revoke privileges to any app/device in our verified list.

    That way it can be easy to use. While the user can choose their authentication provider or run their own private authentication server. Then all we have to do is give these web companies an authenticator address.

    Just like I can have an email address with any company and register it at any web site. But use any email app I want to access that email.
     
  11. supremedesigner macrumors 6502a

    supremedesigner

    Joined:
    Dec 9, 2005
    Location:
    Gainesville, Fl
    #11
    Regarding Two-Factor Authentication, I'd love if they used iMessage (blue bubble) instead of SMS (green bubble) to send out the code since it's encrypted.
     
  12. dysamoria macrumors 6502a

    dysamoria

    Joined:
    Dec 8, 2011
    #12
    Would someone please explain the reason SMS two-factor authentication is insecure? I’ve not heard any detail about this and this article is the first time I’ve seen “sim hack” referenced.
     
  13. Jyby macrumors 6502

    Joined:
    May 31, 2011
    #13
    The problem is- two factor is not enough these days if hackers don't care about logging into your account. They just maliciously publish an app that you enjoy and suck your data up. you could be using one of those apps right now and not even know it (cough cough instagram Facebook etc)
    What needs to be done is internet regulation on personal data... if you dont want to be a target for capital gains then you should have the freedom to verifiably restrict access to you data.
    Two factor just prevents a hacker from logging into your account, but if they bypass the login or get your data some other way who cares about two factor right?

    EDIT: They basically divided your 2 factor auth by 2.
     
  14. mdatwood macrumors 6502a

    Joined:
    Mar 14, 2010
    Location:
    Denver, CO
    #14
    Because it’s trivial to take over a phone number and intercept texts sent to your phone. Phone numbers were never meant to be used as a secure authentication method.
     
  15. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #15
    Trivial how?
     
  16. Mac Fly (film) macrumors 65816

    Mac Fly (film)

    Joined:
    Feb 12, 2006
    Location:
    Ireland
    #16
    Don’t listen to this guy. Hiding under Zuckerberg is no way to live your life. Someday a social network will exist that we all can trust much more than Facebook with much better selective privacy that treats users with dignity and this same guy will call said service inevitable... we can’t all own shares in Facebook stock.
     
  17. makr macrumors regular

    Joined:
    Feb 16, 2016
    #17
    Those are encrypted data tho, right?
     
  18. Jyby macrumors 6502

    Joined:
    May 31, 2011
    #18
    Not in the case of Cambridge Analytica. They had access without the need to bypass encryption. Furthermore, if actors can manage to get into your authorized device list (or circle of trust), like China might with Apple servers in their country, they would also have access to the protected information without bypassing the actual sting encryption.

    Disclaimer, this is all speculation.. no need to live life paranoid. But I do agree as a society we need to evaluate how we use technology and what could go wrong if the technology is misused. I believe the founding fathers of America also thought this through for politics. We’re now at a point where we need to evaluate ourselves collectively again.
     
  19. mdatwood macrumors 6502a

    Joined:
    Mar 14, 2010
    Location:
    Denver, CO
    #19
  20. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #20
  21. mdatwood macrumors 6502a

    Joined:
    Mar 14, 2010
    Location:
    Denver, CO
    #21
    Not at analogous at all. A dealership actually has some protections in place like ID checks. I'm also not sure what dealership will mail me a key to someones car if I just call and give them my name and number. Cell phone companies port numbers almost at will because historically people complained that porting was hard. ATT is currently in a lawsuit with a person who lost 200M of bitcoin because they ported out his number. Social engineering it not the only way though. From this article:

    https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/

    That was 2 years ago, and the attacks have only gotten easier to pull off. I know someone who makes their living on IG, and this was one of their biggest fears. Finally adding a secure 2FA method is a big deal.
     
  22. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #22
    Seems like there are various protections in play as far as confirmations go when it comes to porting or getting another SIM, similar to ID checks to get a new car key. Perhaps not all companies follow those type of policies for whatever reason, but then the issue is more with that aspect of it. As far as hacking and all that, in a sense most things are exploitable in some way. However, given how this kind of thing doesn't really seem to be as prevalent as some more complex things that seem to happen more often, doesn't appear that trivial is really a description for it.
     
  23. mdatwood macrumors 6502a

    Joined:
    Mar 14, 2010
    Location:
    Denver, CO
    #23
    I consider trivial as something that is easy enough that non-state actor criminals can do it en masse (ie, not only a high value singular target). This was already done in Germany last year when many bank accounts were drained.

    https://arstechnica.com/information...bank-accounts-by-abusing-ss7-routing-protocol

    The NIST has come out and said using a text or phone call as a means for 2FA is insecure and should not be used. Additionally, most things are not 'exploitable in some way'. AFAIK no TOTPs have been broken.
     
  24. mdatwood macrumors 6502a

    Joined:
    Mar 14, 2010
    Location:
    Denver, CO
  25. dantastic macrumors 6502a

    dantastic

    Joined:
    Jan 21, 2011
    #25
    I'd love to know actually. I only noticed as I all of a sudden was following 100's of spammy accounts. I tried resetting my passwords and ensuring no 3rd party apps had access but still every day the follow number would increase by 20 or so accounts. I tried deleting accounts but they would just come back again a few days later.
    Instagram was of no help what so ever so I just deleted my account.
     

Share This Page