Instagram will soon allow its users to secure their accounts using two-factor authentication without relying on text messages. A number of security experts have already advised people to not use SMS-based two-factor authentication since there are several ways that attackers may circumvent this method of account verification. For example, attackers may steal the phone numbers of users by reassigning them to a different SIM card. Once the hacker takes control of a person's phone number, they could change the passwords of the victim's accounts and sell them online. In addition, attackers may also take advantage of the vulnerability of the SS7 signaling protocol to gain access to the user's text messages and collect the necessary information to hack their accounts. However, until recently, Instagram users can only secure their accounts through SMS-based two-factor authentication, although the social media platform recently confirmed that it will soon support more secure verification methods.
An inspection of the APK of the Instagram Android app shows that people may soon protect their accounts using security apps like Google Authenticator and Duo Mobile. Upon accessing the two-factor authentication setting, people are given the option to secure their accounts either through text messaging or through a security app. When the user chooses the authentication app option, Instagram will first check if there are any security apps already installed on the smartphone. If there is no security app installed on the device, then the Instagram application will prompt users to download a recommended authentication app, which will provide 6-digit code that they will enter into the social media platform's app.
Aside from Instagram, other tech firms have started recommending more secure and easier to use methods of two-factor authentication to its users. For example, Google has developed an authentication option dubbed as Google prompt, which makes use of other devices where the person's account is already logged in. However, there are occasions wherein hackers were able to successfully circumvent two-factor authentication. Therefore, users should still exercise caution against possible phishing attacks and people are also advised to protect their phone numbers, especially if they still use services that rely on SMS for two-factor authentication.