How to set up 2-factor authentication for your Instagram account

The end of October is nigh! Halloween is just 2 days away. For those who don’t know, that also means Cyber Security Awareness Month is coming to a close. Over the past few weeks, we have dedicated our tech tips to matters of security, honing in on one specific feature: 2-step verification. Today, we will finish this mini series by looking at how to set up two-factor authentication for one of the social media giants: Instagram.

According to a survey conducted by the Identity Theft Resource Center, “85% had their Instagram account compromised” in 2021. Quite frightening statistics! So if you haven’t already, we highly recommend setting up two-factor authentication as soon as you can. But before we launch into how to do that, let’s first discuss…

What is Two-Factor Authentication?

At Appdrawn Software Development, we like to think of two-factor authentication as being a little bit like a medieval castle. One way to improve a castle’s defences is to make its walls stronger. The same principle applies with your online accounts. You can increase their  protection by making your passwords stronger i.e. longer and more complex. Not sure how to do that? Check out our tech tip on how to make a strong password you can remember.

Throughout history, even when castle walls were made stronger, invading armies would find new means and technologies to break them down. The same goes for our online accounts. Even if we make our passwords stronger, they can still be subject to cyber attacks. Hackers are relentlessly trying to find new and more sophisticated ways of cracking passwords in order to obtain the information inside.

But do not despair — the digital war is not lost! Even though armies penetrated the thicker walls, the medieval master builders were constantly evolving and improving castle design. Moats, battlements and palisade walls were added as extra defensive layers, preventing enemies from entering. Two-factor authentication — also known as 2-step verification — is essentially the digital equivalent of these features. It adds an extra layer of defence to your online accounts.

As it says in the name, 2-factor authentication involves two elements. The first is entering your username and password as per normal. The second is an additional security check, involving entering a unique verification code which can be sent to you by a variety of means. Whichever method you choose, this step is designed to ensure it is in fact you who is logging into your account. It just means that if your password were to ever become compromised, hackers will face this second hurdle and won’t be able to access your account.

How to turn on 2-factor authentication for your Instagram account: Authentication app method (recommended)

Instagram recommends this security method because it allows you to add multiple devices connected to an account. That way they can all get login codes. For example, this is a particularly useful feature for a social media team who all need to access the same business account.

You can use an Authenticator app of your choice. Instagram suggests Duo Mobile or Google Authenticator. For the purposes of this tech tip, we will be sharing instructions specifically for the Google Authenticator app.

Please note that two-factor authentication using the authentication app can only be turned on when using the Instagram mobile app i.e. the app for Android and iPhone, not the web app accessed via a desktop or laptop.

Therefore, on your mobile device:

1. Click your profile picture in the bottom right-hand corner.
2. Tap the hamburger menu icon in the top right-hand corner.
3. Select “Account Centre.”
4. Scroll down to the “Account settings” section.
5. Tap “Password and security.”
6. Select “Two-factor authentication.”
7. Select the account you want to set up two-factor authentication for, if you have multiple.
8. Choose “Authentication app” as your security method.
9. Hit “Next.”
10. Install the Google Authenticator app (or your authentication app of choice) to your mobile device.
11. Open the Google Authenticator app on your mobile.
12. Tap “Get started.”
13. Select the Google Account you would like to use if multiple and press “Continue as [name]” to sign in.
14. Tap “Add a code.” 
15. Select “Enter a setup key.” 
16. Enter “Account name” for e.g. Instagram.
17. Return to the Instagram app.
18. Tap “Copy key.”
19. Return to the Google Authenticator app.
20. Paste key into the Authenticator app.
21. Tap “Add.”

The Google Authenticator app should have generated a six-digit code for you.

1. Copy the six-digit code.
2. Return to Instagram.
3. Hit “Next.”
4. Paste the six-digit code into the field provided.
5. Tap “Next.”
6. Press “Done” to complete the setup.

How to login to Instagram using 2-factor authentication: Authentication app method (recommended)

Now that you have set up two-factor authentication, every time you login to your Instagram account, you will need to enter in a unique verification code generated by your authenticator app. This code will keep changing every 30 secs. So, once you have entered your phone number/username/email address and password on the Instagram login page, open up your authenticator app. Find the latest code and enter it into the field provided back in the Instagram app.

Trusted Devices

Once you have set up two-factor authentication, every time you log into Instagram using a new device, you will be asked whether you would like to “Trust this device.” If you choose to trust the device, it means you won't have to enter the security code generated by your authenticator app every time you log in. 

You should only ever trust a device, if you are the only one who uses it. NEVER trust a device that is public or is shared with people you don’t know. By requiring a unique code generated by your authenticator app account, whenever there is a login attempt from an unknown device that is not you, the person trying to gain entry to your account will be unable to proceed any further. You will also be notified of any login attempt and asked for a unique login code. If it is not you, block and update your password pronto!

How to remove a trusted device on Instagram

If a trusted device gets stolen or you no longer use it, you can remove it from your trusted device list. On another device, login to Instagram:

1. Click your profile picture in the bottom right-hand corner.
2. Tap the hamburger menu icon in the top right-hand corner.
3. Select “Account Centre.”
4. Scroll down to the “Account settings” section.
5. Tap “Password and security.”
6. Select “Two-factor authentication.”
7. Select the account you want to set up two-factor authentication for, if you have multiple.
8. Scroll down and tap “Trusted devices.”
9. Select the device you would like to remove from your trusted device list.
10. Tap “Remove device.”

Backup Codes

Once you have set up two-factor authentication, there will be instances when you try to login to your Instagram account but cannot receive a verification code for one reason or another. These reasons could be connectivity or delivery issues. You may have lost access to your phone. If that happens, do not fear — your account is not lost! You can still access them using one-time backup codes instead.

To find out what the backup codes for your account are:

1. Click your profile picture in the bottom right-hand corner.
2. Tap the hamburger menu icon in the top right-hand corner.
3. Select “Account Centre.”
4. Tap “Password and security.” 
5. Tap “Two-factor authentication.”
6. Select the account that you would like to get backup codes for.
7. Tap “Additional methods.”
8. Tap “Backup codes.”

Keep a record of these codes somewhere safe and secure. If you think your backup codes have become compromised, you can cancel them and get a set of new ones. To do that:

1. Click your profile picture in the bottom right-hand corner.
2. Tap the hamburger menu icon in the top right-hand corner.
3. Select “Account Centre.”
4. Tap “Password and security.” 
5. Tap “Two-factor authentication.”
6. Select the account that you would like to get backup codes for.
7. Tap “Additional methods.”
8. Tap “Backup codes.”
9. Tap “Get new codes.”

At Appdrawn Software Development we are all about software working for the user and not the other way round. If you would like more easy to follow technical instructions, check out our tech tip series.