Popular photo-sharing app Instagram will soon be getting two-factor authentication that would work without the user’s phone number, according to a report in TechCrunch. Instagram has even confirmed that it is currently working towards being more secure after the Motherboard investigation on SIM hacking was published earlier this week.
Even though the confirmation was prompted by the investigation, it seems like Instagram has been working on the upcoming feature for a while now. Engineer and tipster Jane Manchun Wong tweeted a prototype version of the two-factor authentication feature of Instagram’s APK code for Android earlier this week.
Currently, if you get logged out of your Instagram account, you can log back in as far as you can confirm your identity via the phone number linked to your account. However, Motherboard’s article clearly states that hackers can gain illegal access to a user’s phone number and tie it to a new SIM card. It further says that they manage to do this by using traces of information like a social security number — that may have been leaked during a data breach — and getting the number reassigned to a new SIM by tricking a telecom customer service agent.
After this is done, the hackers can use the phone number for its recovery benefits to reset Amazon, Instagram, Twitter and other social media accounts. They can also use it to extort a victim for financial gain.
A number of tools have been made available by technology giants in order to protect people against the vulnerability of two-factor authentication. For example, Google’s Authenticator app randomly generated numeric codes and has a time limit. Social networking giant Facebook — that also owns Instagram — uses a similar feature on its own app. It’s only natural for Instagram to follow the suit, but it’s surely a change that is welcome.