I was poking around in Instagram on my iPhone and it popped up with a suggestion that I enable something called “two factor authentication”. What is that and should I turn it on?
Short answer: yes, enable two-factor authentication for your Instagram account.
In terms of what it is and why it’s a good idea, let’s talk about the basics of account security. Generally security is broken into three categories: what you know, where you are and what you have in your possession. A key that lets you unlock a door and enter a room is a “what you have in your possession” and a “where you are” (you need both for it to work) while your Facebook account password is purely a “what you know” because you can log in from anywhere and you don’t need anything in particular on your person to succeed.
Add a small code generator device like Fortune 500 companies have for their employees (it generates a new numeric code every 60 seconds in sync with the corporate server) and you now have something that you need to have in your possession and something you need to know if you also have a regular account password too.
Make sense? The general concept is that the more of these you require, the more secure the system is. Now think about your unlocked smartphone. Someone else picks it up and since that’s purely “what you have in your possession” they’re now able to access everything even without your permission or you telling them your password. Dangerous, eh? Set up a lock on your phone. Now, preferably. Just in case.
And so, back to Instagram. if you have a regular Instagram account, all someone needs to log in is your account name and password, purely a “what you know”, and something they could steal through a wifi network sniffer or even just watching you cluelessly enter this info as you log in yourself. Two-factor authentication adds a second factor, a secret code that’s sent by text message that you’ll also need to be able to log in. It’s the “what you have” part: without your smartphone you won’t be able to log in to your Instagram account even with your password.
In other words, adding the two-factor authentication to your Instagram account makes it more secure because even if someone steals your account credentials they still can’t log in to your account without also having access to your iPhone or Android phone. And that’s a good thing.
Instagram wants you to be as secure as possible, so it is pushing people to sign up for this security feature too. Let’s have a look!
Here’s my Instagram home view on my iPhone 7:
Very nice photo, Des. Thanks! 🙂
To enable two-factor security, tap on your tiny profile photo in the lower right to get to the profile page. Mine looks like this:
As you can see, Instagram is pushing me to turn on “SMS Updates“, a necessary step towards the two-step authentication. I can tap that to get started, or just tap on the gear icon (middle right) to get to the right spot. Let’s do the latter.
The result is this list of options:
See the entry near the bottom? “Two-Factor Authentication“. That’s the one!
Tap on “Two-Factor Authentication” to proceed.
Make sure that “Require Security Code” is enabled and you’re good to go.
Hold on, though, because you want to also Get Backup Codes just in case you lose your phone or otherwise find you can’t get text messages for a short period of time. They’re one-use codes and should be saved in a secure location (of course). It looks like this:
Since they would give you access to my account and defeat me having two-factor authentication in the first place, I have redacted them. Each code is a pair of two four-digit numbers, however, like “1234 5678”.
All good? Now, try to log in on a new device and it’ll accept your account and password, then prompt you for the new security code:
Meanwhile, a text message will come in with a secret one time code:
That’s it. Put all the pieces together and congrats, you’ve just made your Instagram account a lot more secure!