By the end of this article, you’ll understand how Two-Factor Authentication (2FA) helps to secure your Instagram against hacks, how to set 2FA up for your Instagram, and, equally importantly, how you can still get hacked even with 2FA. Let’s dive in.
What is Two-Factor Authentication?
Two-factor authentication is an authentication method that requires the user to provide two verification factors to gain access to a resource such as an online account.
2FA is a valuable layer of protection that will slow down, if not stop, many hacking attempts - but not enough creators use it or fully understand what it is.
How do you set up Two-Factor Authentication?
Instagram, like many other online platforms, offers users the ability to add multi-factor authentication (MFA) to their account. In this case, Instagram uses two-factor authentication (2FA), creating a two-step verification method. The process works by requiring a verification code, sent via text to your mobile phone, whenever there's a login attempt from an unrecognized location or device.
This means that logging into your account consists of two steps: first entering your password, and then entering the verification code. Instagram’s full guide on how to activate 2FA and how it works can be found here - alternatively just watch the video below.
Why should you activate Two-Factor Authentication?
The security of your online platforms matters. As you have seen with the analysis of our ‘How I got hacked’ series, 44.4% of the hacks could have been prevented by using unique passwords and multi-factor authentication. The implications of these Instagram hacks are real: not only do we see the mental toll on victims, but also the damaging impact and destruction for their businesses.
And, while 2FA will not stop every attack, it certainly creates a much more difficult barrier to entry for an attacker.
Verizon’s recently published 2022 Data Breach Investigations Report (DBIR) summarized that compromised credentials are the main path to a data breach. Essentially, credentials such as passwords are the main way an attacker can gain access to your account.
The beauty of 2FA is that if your password was obtained, the hacker would still have to verify through two-factor authentication in order to pass Instagram’s authentication. It all boils down to closing off as many areas of vulnerability as you can, to make life as difficult as possible for a hacker.
The limitations of Two-Factor Authentication
So at this point you may be thinking that 2FA makes sense and is all you need to protect your account. However, this unfortunately is not the case - so don’t get complacent with your Instagram security. Although 2FA is another layer of security, it is not a perfect solution. MFA, like every security tool, is not unhackable.
General ways in which 2FA can be exploited include techniques such as social engineering, SIM swapping attacks, technical manipulation, physical attacks and a mixture of two or more methods. KnowBe4 have published an article which goes into greater detail.
A prime example of 2FA being bypassed can be seen with Jessica Wenjia’s case. The lifestyle influencer, who has over 166,000 followers, received a message from her friend’s account. Her friend wrote that she needed urgent help, and asked Jessica for her mobile number (which was her vector for verification) and later the code that got sent her way.
Her friend’s account, she later discovered, had been stolen by a hacker who was using it as a launchpad to hack other creators. Oblivious to the scam, Jessica sent over the code - highlighting how scarily effective social engineering is and how it can completely undermine multi-factor authentication.
If 2FA can be bypassed, how do I protect my Instagram from hackers?
The 2FA function implemented within Instagram is definitely something to activate; however, as mentioned above, it should be used alongside measures such as complex, unique passwords.
Just as important is being hyper alert about social engineering and phishing, and understanding how they work. When looking at how Cuddle Buddy’s Instagram was hacked, Richie unfortunately fell for a fake email from “Instagram” offering the blue tick verification. Hackers use multiple other phishing tactics, which you can learn about in this article. Also consider taking Google’s phishing quiz to educate yourself on this topic.
Insurance for your Instagram: The only way to truly protect your business
The unfortunate reality is that no matter how much we try to stay secure, no measure will ever guarantee 100% protection against hacks. Hackers target content creators of all sizes and are only getting more sophisticated. That’s why Notch - the first ever insurance against hacks for Instagram creators - was born.
With Instagram insurance, creators finally have a way to protect their content businesses and get peace of mind.
To conclude, here’s our simple framework for stronger Instagram security against hacks:
- Use strong, unique passwords - integrate these within a password manager
- Enable 2FA on Instagram
- Train yourself and any user who manages your account on phishing techniques
- Get Instagram insurance