Instagram Bids to Boost Transparency and 2FA


Instagram has introduced new features to their mobile app. These are designed to make accounts more transparent, harder to hijack and easier for brand and celebrities to get verified. These new features can be viewed as a response in part to increased activity by Russian state actors who, it is alleged, are currently looking to influence public opinion through social media ahead of elections.

Instagram Spot Inauthentic Activity

In fact, Facebook was forced to remove 7 Instagram accounts and quite a few Facebook pages and profiles last month. This was a result of them spotting “coordinated inauthentic behaviour” mirroring the kind of activity seen leading up to the presidential election in 2016. To that end, Instagram has decided to launch an “About this Account” tool. The tool is designed to make more information available regarding accounts with large numbers of followers. However, it is not yet clear on how popular the account must be in order to qualify.

What can be Seen

When tapping on the account profile, users will be able to see the date on which the account joined Instagram and the country of location. They will also see username changes in the last year, accounts with shared followers and, more importantly, any ads being run by the account.

“Our community has told us that it’s important to them to have a deeper understanding of accounts that reach many people on Instagram, particularly when those accounts are sharing information related to current events, political or social causes, for example,” explained Instagram CTO, Mike Krieger. “If you do see an account on Instagram you believe violates our Community Guidelines, you can report it.”

Extra Security

User authentication is another main area for any popular web company. Instagram is making its login security extra tight by announcing support for third-party authenticator apps. These will roll out globally in upcoming weeks.
Doing so should help mitigate the rise in attacks designed to intercept 2FA passcodes sent via text. Back in June 2018, this technique was used to hijack Reddit employees. These lead to a major breach of the web platform.

How to Keep your Account Safe

“To use a third-party app to log into your Instagram account, go to your profile, tap the menu icon, select ‘Settings’ at the bottom and then choose ‘Two-Factor Authentication.’ Select ‘Authentication App’ as your preferred form of authentication,” said Krieger. “If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two- factor authentication will turn on automatically. If you don’t have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you’ve installed it, return to Instagram to continue setting up your two-factor authentication.”

Finally, businesses and celebrities will be able to apply for a verified badge more easily. This is all thanks to changes in the network which will enable them to do so from their profile settings.

Join us for IDM Europe

Join us in March 2019 for our upcoming 6th IDM Europe conference, where we discuss the full lifecycle deployment of Identity and Access Management (IAM) systems across industry and government. This must-attend event will bring together hundreds of IDM thought leaders and innovators across Europe and further afield to discuss and shape the future of secure, risk-driven IAM.