Instagram developing non-SMS based 2-factor authentication to protect its users from SMS hacking

Instagram, the highly popular Facebook-owned photo and video sharing social network, that came in to existence on October 2010, rolled out two-factor authentication just last year in late March. But, it currently relies on SMS to deliver the six-digit security code to users. However, Instagram has now started working on a non-SMS based two-factor authentication for increased security, especially to protect its users from SMS hackers.


For those unaware, the way two-factor authentication works is that once you enter your login credentials, you are required to enter an additional security code to be able to log in to your account. Without that security code, you cannot access your account even if you have entered the right username and password.

On Instagram, this security code is delivered through SMS. However, delivery of security code through SMS isn’t secure as hackers can easily get access to it by reassigning your phone number to a different SIM card and gaining access to all the SMS that are sent to your number. Thus, to further strengthen its two-factor authentication, Instagram has started working on a non-SMS based two-factor authentication.


With non-SMS two-factor authentication, the requirement to deliver the security code through SMS is eliminated because that security code can be easily generated using third-party apps like Google Authenticator, Authy or Duo Mobile. This prevents hackers from hacking your SIM, acquiring the security code, and then gaining access to your Instagram account.


Instagram has been found working on this feature by Jane Manchun Wong who has previously discovered many under-development Instagram features like Usage Insights and Music Stickers to name a few. Jane discovered this feature by digging through the code of Instagram’s Android app. When asked for more details about this new two-factor authentication, Instagram spokesperson confirmed the development to TechCrunch by saying “We’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication.

We are wondering what took Instagram so long to start developing non-SMS based two-factor authentication, however, now that they have started working on it, we hope it’s rolled out as soon as possible to all the users.

Back in December last year, Twitter started allowing the use of third-party apps for two-factor authentication. And, back in May this year, Instagram-parent Facebook also announced that its users can now use third-party apps like Google Authenticator for two-factor authentication without having to provide their mobile phone number.

Well, third-party apps used for two-factor authentication not only reduce the risk of SMS hacking, but, they turn out to be a lot more convenient when you are traveling abroad and your SIM is inactive, or, if you are in an area where you don’t have any signal reception.

That said, we don’t know when Instagram will roll-out its non-SMS two-factor authentication, but, until it does, we highly recommend you to enable SMS-based two-factor authentication for your Instagram account. In fact, we advise you to enable two-factor authentication for all your accounts – be it social media or emails.

Also Read: