Instagram Security Check hopes to make life harder for account hackers

Instagram has rolled out a new feature in the hope of better securing its one billion monthly active users’ accounts.

As described on Instagram’s blog, Security Checkup will pop-up on users’ smartphones whenever the social network detects suspicious activity associated with an account, or believes it may have been compromised.

For instance, Instagram may prompt you to run a check if it detects your email address has changed recently, or mobile phone number has changed, or to confirm if a Facebook profile connected to your Instagram account is legitimate.

Such checks are important, because if your Instagram account has been hacked an attacker might have attempted to change your contact details, in an attempt to prevent you from recovering access.

Security Checkup should have been rolled out to all Instagram users in the next few weeks.

In addition to announcing the new feature, Facebook-owned Instagram has also taken the opportunity to reiterate the various security measures that can be taken to harden the security of accounts.

First on the list is enabling two-factor authentication (2FA), which adds an additional layer of security beyond usernames and passwords.

According to Instagram, it will soon be supporting two-factor authentication through WhatsApp in some countries. But if this does not appeal, you can still setup 2FA with an authentication app like Google Authenticator.

Secondly, Instagram advises its users to ensure that the email addresses and phone numbers associated with their accounts are correct and up to date – explaining that these steps help you regain control of your Instagram account even if your details have been changed by an attacker.

In addition, Instagram has underlined to users that it will never send you a direct message (DM). Scammer often will use this technique to dupe unwary users into handing over their account passwords or luring them into visiting phishing sites.

As Instagram explains:

“If Instagram ever wants to reach you about your account, we will do so via the ‘Emails from Instagram’ tab in your settings, which is the only place you will find direct and authentic communication from us on the app”.

Finally, Instagram recommends that users enable “Login Request” – a feature which sends an alert when somebody tries to log into your account from a device or web browser that Instagram has never seen you use before. Alert messages contain details of the device attempting to log into the account, and even where it is believed to be located – granting you the permission to approve or deny the request.

Instagram provides this functionality because it knows that there is a large appetite amongst scammers and hackers to steal innocent users’ accounts. Instagram also knows that it has many users who have still not enabled features which are really essential for hardening account security – such as 2FA.

If you’re an Instagram user you can choose to ignore the advice of the site, and not bother to enable these features. But in my opinion you do so at your peril. Protect your account now, and make life harder for the hackers.