Instagram beefs-up security following hacking campaigns

Friday, 31 August, 2018

After suffering a number of hacking campaigns in the last couple of years, Instagram has announced a trio of substantive security updates that seek to discourage trolling, stop misinformation and make the platform safer for its billion users.

In his blog, Instagram co-founder Mike Krieger announced the three new features, ‘Support for Third-Party 2 Factor Authenticator Apps,’ ‘About This Account’ and ‘Request Verification.’

Support for Third-Party 2 Factor Authenticator

In an effort to beef-up security Instagram has added this feature that allows you to download third-party 2-Factor authentication (2FA) apps such as Duo Mobile and Google Authenticator. This is instead of the traditional text-based 2FA.

With the text-based 2FA it was possible for nefarious individuals to hijack your phone number and SMSs, meaning they could gain access to accounts. The new feature adds an extra security step in the form of a random passcode sent to your device when you log into your account.

To enable the feature, go to Settings, select 2FA and then you should be able to simply select Authentication App.

About This Account

This new feature will allow users to see the details for those popular users with a large following in an effort to weed out the fake. This includes when they joined, where they are located, the ads they are running, any username changes and their social connections. This then gives a user greater information to determine the authenticity of any account.

Our community has told us it’s important to them to have a deeper understanding of accounts that reach many people on Instagram, particularly when those accounts are sharing information related to current events, political or social causes.

- Mike Krieger: CTO, Instagram, Blogpost

Request Verification

This new feature allows users to request the blue verified badge. This, like the ‘About This Account’, will give users greater transparency on large public accounts and helping users to genuinely know they are interacting with legitimate public accounts, celebrities or brands.

To enable this feature, you must comply with Instagram’s Terms of Service and Community Guidelines.

There is a process of applying for verification and Instagram will review that application to confirm your authenticity and, what they describe as the notification of the account, to weed out possible malicious requests.

To apply for the feature head to Settings and select Request Verification under the Account section. Type in your name, but you will need to attach documentary evidence of who you are. This includes a copy of a legal business identification if you are a company or a government-issued photo ID that shows your full name and date of birth if you are applying as an individual.

This sounds a major performance. But if you go to the Instagram Help Centre they will go through the process with you and why.

Just this month hundreds of users suffered a lock-out from their accounts following a hack attack. And last year cybercriminals accessed millions of accounts. Among the many celebrities hit were the singer Selena Gomez and Justin Bieber. Instagram fixed the issue but not before the hackers sought to blackmail individuals with exposure on the dark web.

Image: Jason Howie

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.