Instagram announced on March 23, 2017 that the company did enable two-factor authentication support for all users of the service.
Two-factor authentication adds a security layer to the sign in process on Instagram. What is meant by that is that you are required to complete a second authentication step before you are signed in to your account and can start using the Instagram application.
An attacker would have to gain access to the username and password, and also the security code that is sent to the user when a new sign in is initiated. Please note that you are only asked to complete the second authentication step if you sign in from an unknown device according to the "Keeping Instagram Safe" page.
Instagram supports two different types of codes that users may use to complete the two-factor authentication process. The first comes via SMS, and it is the primary means of authentication. You get a code via SMS which you need to enter to complete the sign in process.
The second is one of several backup codes. These codes are one-use codes that are generated automatically when you setup the new authentication feature on Instagram.
How to enable two-factor authentication on Instagram
The only requirement for enabling two-factor authentication on Instagram is that you add a mobile phone number to the user profile. You can do so during the setup process, and don't need to add the phone number prior to that.
Two-factor authentication is supported on Android and iOS devices.
Step 1: Click on the profile icon in the bottom menu bar. Tap on the menu icon that is displayed in the top right corner when the profile page opens.
Step 2: Scroll down until you find Two-Factor Authentication listed there, and tap on the option. Toggle "Require Security Code" to enable the security feature for your Instagram account.
Instagram displays a prompt when you toggle the security option:
Turn this on?
Turning on two-factor authentication means we'll send you a security code to enter every time you log in.
Select turn on.
Step 3: The next step depends on whether you have added a mobile phone number to Instagram already or not. If you have, you get a six digit code sent to the number which you need to enter. If you have not, you are asked to enter and verify the phone first.
Step 4: Backup codes are listed on the next page. These codes can be used as one-time codes to sign in. Can be useful if the SMS don't arrive on your device for instance for whatever reason.
How to turn two-factor authentication off again
You can turn off two-factor authentication again at any point in time, provided that you can access the account.
Turning off is simpler. You follow the steps outlined above, but toggle the "require security code" feature to off this time. You need to confirm the turning off of the security feature in the next step when a prompt is displayed to you.
Disabling two-factor authentication on Instagram requires no extra confirmation of any kind.
Support for two-factor authentication for all users is an important step in keeping Instagram accounts safe. It is easy enough to setup, but only supports SMS or backup codes for now. Support for other code generation options, through applications for instance, would certainly be a welcome addition.
Now You: do you use Instagram?