Instagram Announces Support for Two-Factor Authentication Apps and Streamlined Account Verification

by

Instagram today announced several new security enhancements that are being implemented to make the social network safer for all users.

Starting soon, Instagram is implementing support for third-party authenticator apps, which will allow them to be used for two-factor verification purposes in lieu of a phone number.

Instagram has supported two-factor authentication for some time, but it was tied to a phone number and required users to receive text messages, which has proven to be insecure and left some Instagram users vulnerable to SIM hacking.


SIM hacking is a method hackers use to gain access to a person's phone number, using it to get into high-profile social media accounts. Some instagram accounts with short handles are valuable and have been stolen through this method, something a third-party authenticator app can protect against.

Instagram says that users can go to the Settings section of the Instagram app, choose Two-Factor Authentication, and then select "Authentication App" to implement two-factor authentication that does not involve a phone number.

Support for third-party authenticator apps is rolling out and will be available globally "in the coming weeks."

Along improved two-factor authentication, Instagram is also enhancing security through a new "About This Account" section that will be added to high-profile Instagram accounts. This feature will allow users to see more information about accounts that reach large audiences, allowing users to "evaluate the authenticity of the account."

To see more about an Instagram account, users can tap on a profile, tap the hamburger menu option and then select "About This Account." Information displayed will include the date the account joined Instagram, the country where it is located, recent username changes, and ads the account is running.

Starting in September, people who have accounts that reach large audiences will be able to review the information that will be available, and after that, the feature will roll out worldwide.

Instagram also plans to make it easier for Instagram users to earn a blue verified badge that lets people know an account is the "authentic presence of a notable public figure." Verification has been available on Instagram, but prior to now, there was no streamlined process for requesting account verification.

To be verified, an account must comply with Instagram's Terms of Service and Community Guidelines. We will review verification requests to confirm the authenticity, uniqueness, completeness and notability of each account. Visit the Help Center to learn more about Instagram's verification criteria.

Instagram users who want to apply for verification can do so by accessing the Settings app and choosing "Request Verification." Username, full name, and a copy of legal or business identification will be required. Like the other features announced today, the verification option is rolling out to users but could take some time to show up for everyone.

Top Rated Comments

(View all)
Avatar
25 months ago
Wonder what they consider "large accounts". Nearly every one of my accounts has over 20k followers, with most well over 100k. Certainly the +100k will be considered large but I wonder what the cutoff is on the lower end.
[doublepost=1535478415][/doublepost]

Never understand authentication apps. I was using one for a while for 3 accounts. Got a new iPhone installed the app and it was reset. Lost 3 accounts because I couldn’t get back into them. For the average user phone number should be more than enough. I mean seriously who the hell is going to hack my SIM card. Come on.... I can see a use for it for users not wanting to hand over their phone number to shady services but maybe you shouldn’t be using those services anyway, just a thought.

Just last week several apps made headlines for being hacked through SIM exploitation. This type of news (that Mac Rumors also publishes) puts these apps in the spotlight, necessitating moves like this from Instagram, Twitter, and others.

The fact that we're seeing accounts exploited this way is a great indicator that these additional measures are needed.
Score: 2 Votes (Like | Disagree)
Avatar
25 months ago

Wonder what they consider "large accounts". Nearly every one of my accounts has over 20k followers, with most well over 100k. Certainly the +100k will be considered large but I wonder what the cutoff is on the lower end.
[doublepost=1535478415][/doublepost]

Just last week several apps made headlines for being hacked through SIM exploitation. This type of news (that Mac Rumors also publishes) puts these apps in the spotlight, necessitating moves like this from Instagram, Twitter, and others.

The fact that we're seeing accounts exploited this way is a great indicator that these additional measures are needed.

I have 8k and I got the notification about being a high-reach account
Score: 2 Votes (Like | Disagree)
Avatar
25 months ago

I frankly don't understand why important features like this are "rolling out in coming weeks" as opposed to now.

Facebook (and Instagram as part of it) are so huge that they don't roll out new features all at once. Instead, they roll out to smaller areas at a time. This allows them to be sure things are working correctly before continuing to push new features out to everyone. It's a smart way to do things.

If you've ever wondered (or are one of those that gets upset) about Facebook, Instagram, and others who release new updates to their apps every week and just have "Bug fixes and other updates." in the release notes, these updates are what add the ability to push those new features. They don't want to announce those new features in the update because then they can't roll them out gradually. You'd have a bunch of people complaining "WHY ISN'T IT WORKING ON MINE!!!! ‽??!!"
Score: 2 Votes (Like | Disagree)
Avatar
25 months ago

Google Authenticator doesn't have the recovery code in all cases. I remember having to guess whether wiping and restoring my phone from a backup would save it... turns out it does but only if I encrypt my backup. This kind of thing can't be left undocumented!

Not the authenticator, the service you’re using it for. If you use an authenticator app for gmail, you get recovery codes, same with Dropbox, Facebook, and others.


Being pedantic, if there is a recovery code, technically it's 1-factor auth and not 2. But still safer because you'll likely keep that code more securely than you would a password.

It’s still 2 factors.
Factor 1: your password
facror 2: the one time password OR the recovery code.
Score: 1 Votes (Like | Disagree)
Avatar
25 months ago

Never understand authentication apps. I was using one for a while for 3 accounts. Got a new iPhone installed the app and it was reset. Lost 3 accounts because I couldn’t get back into them. For the average user phone number should be more than enough. I mean seriously who the hell is going to hack my SIM card. Come on.... I can see a use for it for users not wanting to hand over their phone number to shady services but maybe you shouldn’t be using those services anyway, just a thought.

You can switch the Google Authenticator app from phone to phone. Just follow the process on the Google Authentication webpage to transfer everything over to the new phone and it'll work just fine.
[doublepost=1535482405][/doublepost]

Wonder what they consider "large accounts". Nearly every one of my accounts has over 20k followers, with most well over 100k. Certainly the +100k will be considered large but I wonder what the cutoff is on the lower end.

Well, that answers my question. Logged into one of my accounts and got this message for "high engagement accounts like yours."

Score: 1 Votes (Like | Disagree)
Avatar
25 months ago

While you aren't wrong, features like two factor isn't something most people use (they should but they don't). More people pay attention to new features on a launch date. And if the feature cannot be used, they tend to be forgotten.

And besides, Instagram's parent company Facebook had TOTP authentication for years. While things can always go wrong and rolling out in phases is safer, I think Instagram is taking more precaution than is warranted.

Also, let's not forget that some big companies, such as Apple, roll out major features to everyone on day 1.

It's not like this change is making major news. Most will never see this announcement on sites like this.

Instagram is already putting announcements within the app and they'll likely add a Story about it too when it rolls out to those chosen users.



I'll be surprised if they don't prompt users to enable it when it becomes available to them too.
[doublepost=1535495722][/doublepost]

Interesting! Did you get the notification recently?

I got the above notification the most recent time I opened the Instagram app.
Score: 1 Votes (Like | Disagree)

Top Stories

8 Third-Party Home Screen Widgets That You Can Try Out Now on iOS 14

Wednesday August 5, 2020 12:56 pm PDT by
One of the biggest new features of iOS 14 is Home Screen widgets, which provide information from apps at a glance. The widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. When the iOS 14 beta was first released in June, widgets were limited to Apple's own apps like Calendar and Weather, but several third-party developers have begun to test ...

Supposed iPhone 12 Display Unit Leaks

Thursday August 6, 2020 8:13 am PDT by
An image supposedly of an iPhone 12 display unit has been shared online by leaker "Twitter user Mr. White". Compared to images of an iPhone 11 Pro display piece, this new unit has a reoriented display connector, reaching up from the bottom of the display, rather than from the left-hand side on iPhone 11 Pro. This may be due to the logic board moving to the other side of the device. A...

Apple Seeds iOS 14 and iPadOS 14 Public Beta 4 to Testers

Thursday August 6, 2020 10:05 am PDT by
Apple today seeded new public betas of upcoming iOS 14 and iPadOS 14 updates to its public beta testing group. Today's software releases, which Apple labels as fourth betas to keep them in line with developer betas, are actually the third betas that Apple has provided and they come two weeks after the prior beta releases. Public beta testers who have signed up for Apple's beta testing...

Apple Announces New 27-Inch iMac With 10th-Gen Processors, Up to 128GB RAM, 1080p Webcam, True Tone, and More

Tuesday August 4, 2020 8:07 am PDT by
Apple today announced a new 27-inch iMac with faster 10th-generation Intel Core processor options, next-generation AMD graphics, up to 128GB of RAM, a higher-resolution 1080p front-facing FaceTime camera, a True Tone display with a nano-texture glass option, a T2 chip, higher fidelity speakers, studio-quality microphones, and more. A breakdown of the new 27-inch iMac's features and specs:10th...

Google's $349 Pixel 4a vs. Apple's $399 iPhone SE

Wednesday August 5, 2020 1:45 pm PDT by
Google this week launched its newest smartphone, the $349 Pixel 4a, a low-cost device that's designed to compete with other affordable devices like Apple's iPhone SE. We picked up one of the new Pixel 4a smartphones and thought we'd check it out to see how it measures up to the iPhone SE, given that the two devices have such similar price points. Subscribe to the MacRumors YouTube channel ...

Everything New in iOS 14 Beta 4: Apple TV Widget, Search Improvements, Exposure Notification API and More

Tuesday August 4, 2020 11:14 am PDT by
Apple today released the fourth developer betas of iOS and iPadOS 14 for testing purposes, tweaking and refining some of the features and design changes included in the update. Changes get smaller and less notable as the beta testing period goes on, but there are still some noteworthy new features in the fourth beta, which we've highlighted below. - Apple TV widget - There's a new Apple TV...

Samsung Launches Galaxy Note 20, Galaxy Z Fold 2, and Galaxy Buds to Compete With Apple's iPhones and AirPods Pro

Wednesday August 5, 2020 10:07 am PDT by
Samsung today held a virtual Galaxy Unpacked event where it unveiled its next-generation smartphones that will compete with Apple's 2020 iPhone lineup, set to come out in the fall. Samsung announced the launch of the Galaxy Note 20 and the Galaxy Note 20 Ultra, the two newest devices in the Note lineup, and, more notably, the Galaxy Z Fold 2, Samsung's latest foldable smartphone. The...

Alleged 'iPhone 12' Images Depict Circular Array of Magnets in Chassis

Wednesday August 5, 2020 4:39 am PDT by
New images shared on Weibo appear to show a circular array of magnets housed inside an "iPhone 12" chassis. The unverified images depict 36 individual magnets in a circular arrangement, suggesting they could be related to mounting or charging. EverythingApplePro, who shared the Weibo-originating images on Twitter, also posted an image of an alleged iPhone 12 case with a similar array of...

2020 iMac Benchmarks Surface Online [Updated]

Thursday August 6, 2020 7:16 am PDT by
Benchmarks from the new 2020 iMac have today been shared online by Mac Otakara. The Geekbench benchmarks are from the newly-released 27-inch iMac with 3.0GHz Intel Core i5 processor and Radeon Pro 5300 graphics, compared to multiple specs of the previous 2019 iMac. The lowest spec 27-inch i5 iMac from 2020 performs about 20 percent better in multicore than the lowest spec 27-inch i5...

Third-Party RAM for 27-inch iMac Still Far More Affordable Than Apple's Checkout Upgrade Options

Wednesday August 5, 2020 3:06 am PDT by
Apple yesterday announced a new 27-inch iMac with faster 10th-generation Intel Core processor options, next-generation AMD graphics, and up to a whopping 128GB of RAM. To max out the RAM at checkout, Apple charges an additional $2,600, which is like buying another whole iMac. Fortunately, the memory in the 27-inch iMac is user-replaceable thanks to the easily-accessible memory backdoor...