Instagram moving away from SMS two-factor authentication

Instagram is building a non-SMS-based two-factor authentication system in response to increased efforts by hackers, TechCrunch reports. Since phone numbers can be stolen by hackers with relative ease — as outlined by Motherboard, all it takes is convincing a carrier customer service rep to port the number to a new SIM card — Instagram accounts have been prime targets for hackers since a password can be reset with only an SMS message. To defend against these sort of attacks, Instagram has told TechCrunch that it will be building a more modern two-factor authentication system that will use one-time passwords that can be generated by apps like Google Authenticator or 1Password. The social media network has been historically slow to adopt stronger authentication methods, not even implementing two-factor authentication at all until 2016 — long after most other social media networks had already adopted even more secure methods, but sadly only relied on basic SMS authentication, leaving the service vulnerable to SIM porting attacks. While Instagram is not alone in using SMS as a second authentication factor, it is one of the few major services that offers that as the sole option.

Latest News