Facebook-owned Instagram confirmed to TechCrunch that the feature is now in testing and is beginning to roll out to users. Once enabled, the account owner receives a text with an authentication code each time their email address and password is used to login. The code is then entered into the app to complete the sign-in process.
In the event of an attacker stealing the user’s email address and password, they wouldn’t be able to access the account online without first compromising the user’s phone as well. The code adds another step for any hacker to overcome, keeping users safer.
Security experts advise people to turn on two-factor authentication wherever possible. Although it adds a few seconds to the sign-in process, those few seconds are likely to cost much less than dealing with online identity theft. This is especially true in the case of services like Instagram where most users login once and then stay signed-in for the rest of their device’s life.
For a service with 400 million users, the absence of two-factor authentication has become increasingly conspicuous. With the app’s growth has come expansion into other areas where a hacking could directly affect business. Instagram is now used by advertisers and marketers who rely on it for revenue, as well as businesses and corporations who engage with their customers and publicize their products.
An attacker emptying a personal account of memorable photos could be devastating enough for an individual. A corporate account being hijacked and used to display scams or links to other malware could leave the company out of pocket and unable to maintain contracts with advertisers.
The addition of two-factor authentication is therefore a bigger feature than it may seem on the surface. Instagram is no longer a start-up photo sharing app and cannot afford to stay behind the times on security any more.
Rival social networks, including parent company Facebook, have offered users the feature for years. Instagram is very much in the minority as an established social network that still relies on the username and password as the only lock it places into the doors of its user accounts.
Instagram is still testing two-factor authentication for eventual rollout to all of its users. In the meantime, only a limited group have access to it, available via the Security settings menu within the company’s iOS and Android apps.