With our archives full to bursting with stories of hijacked social media accounts, it’s a very good idea to set up two-factor authentication (2FA) on all the platforms you use. 2FA combines your password with something else – a text message to your phone, a code generated by an authenticator app, or a physical key.
Although Instagram is part of Facebook, and Facebook supports several 2FA methods, the 2FA setup process isn’t exactly the same as it is for Facebook, so if you need a bit of help on how to get two-factor authentication on your Instagram account, we’ve outlined the steps in detail below.
While you can browse Instagram and use some Instagram features from a web browser, it’s really meant to be accessed within the Instagram app. To follow the steps below, you’ll need to be logged into the Instagram app on your smartphone or tablet.
- Go to your Profile by tapping the person icon in the bottom right of the app.
- Open the “hamburger” menu in the top right of the screen. Tap Settings at the very bottom of that menu.
- Scroll down to the Privacy and security section and open it up.
- Under the Security section you’ll find the Two-factor authentication option.
- Instagram will now show you a screen with a basic introduction to 2FA and the methods they support: Text message-based 2FA and app-based. Again, since Instagram is primarily app-based, authentication methods that play nicely with smartphones are what Instagram supports. (USB key-based 2FA devices like a Yubikey wouldn’t work in a mobile context.)
- On the next screen, you can choose the method(s) you’d like to use for two-factor authentication. While you can choose to enable both Text message and Authentication app-based 2FA, it may make things needlessly complicated for you – unless you’re confident you need both options at once, it’s best to stick with just one of these methods.
- The more secure of the 2FA options is to use an Authentication app. You’ll need to install a free app like the Google Authenticator or Duo Mobile app to complete the initial 2FA setup on Instagram, and you’ll also need to keep it installed to log in to Instagram afterward. So if you don’t have an authenticator app installed, go ahead and install one right now.
- Back on the Instagram 2FA setup screen, select the Authentication app option and tap Next, and you’ll be prompted to have Instagram work with your authentication app automatically – which takes care of some of the annoying setup legwork for you, so hit yes. You can use whatever trustworthy authenticator you prefer.
- Your phone will then switch you over to your authenticator app, and you’ll be asked if you want to add the token attached to your Instagram user name. Hit yes, and you’ll see your Instagram account name within the authenticator app, and a 6-digit numerical code underneath it. That code is your authentication token, and it will change at very frequent intervals. So you’ll next want to copy that numerical code and quickly go back to Instagram, where it is waiting for you to input your confirmation code (the numerical code you just copied).
- Paste the code in and you should get a confirmation from Instagram that app-based 2FA is now set up.
You’re not 100% done just yet. The next screen will show you your Recovery codes, which are sort of like an emergency escape hatch if you can’t get 2FA to work – say if you lose your phone and can’t use the authentication app, but need to log in to your account.
In the wrong hands, these codes would also let someone bypass your 2FA protections, so you want to keep them confidential and in a safe place. Some people take a screenshot of the codes and email the screenshot image to themselves, save it in their cloud photo storage, or they even print them out and put them in a locked safe — whatever works for you, as long as the chances of it falling into the wrong hands are minimal.
Once 2FA is set up on your account, Instagram will also send you an email confirming that this new security measure is in place, or if 2FA is ever disabled on your account.
8 comments on “How to secure your Instagram account using 2FA”
My Instagram account was hacked. The hacker turned on 2FA. I was able to verify my identity with Instagram (email address) but they won’t remove the hacker’s cell phone number attached to my account. Any suggestions?
2FA sounds great, but all you end up doing is giving these social media companies your phone number!
How could you ever secure something that belongs to and is controlled by the Facebook surveillance machine? What a laugh…! With respect, I suggest you discourage people from using them in the first place, rather than promoting some illusion that privacy is possible.
Have they fixed the issue where you cant link instagram with facebook if using 2fa?
I don’t think I can do this by myself. Will wait for someone who knows what i am talking about.
how do we recover 2 step authentication if our handphone is lost and our gmail account is hacked?
Most services let you print off a list of backup codes you can lock away at home, just in case. (Like the recovery key that you can create for software like Microsoft’s Bitlocker or Apple’s FileVault full dissk encryption.)
NFC Yubikey can be used on phones if phone is also NFC enabled.