Instagram is working on a non-SMS two-factor authentication system that will work with security apps like Google Authenticator. The Facebook-owned photo-sharing platform plans to do away with SMS messages for two-factor authentication since it is easy for anyone to hack and assign your phone number to a different SIM card.
Motherboard had earlier published an article that details how Instagram accounts are vulnerable because the app only offers two-factor authentication through SMS. Instagram currently relies on SMS for sending reset information and login code. Now, it has confirmed that it is moving towards more secure form of two-factor authentication.
Instagram has confirmed to TechCrunch that it will support third-party authentication tools that will generate a special code whenever you try to log in for the first time. This way, it will not be possible for a hacker to log in even if they manage to port your number to a different SIM card. The feature has been found buried in the APK of the Android app suggesting the company is preparing to make the option live for its Android users.
The screenshot of the Android APK has been confirmed by the company as well which will work on the underpinning technology of non-SMS two-factor authentication. “We’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication,” the company said.
Instagram did not offer any kind of two-factor authentication until 2016 when it had around 400 million users. The company started rolling out the feature few months later after a widespread call for adding the support. However, in the past two years, the technical limitations around the development of SIM porting has diminished and has become a common problem causing identity theft.
Watch: Oppo Find X First Look
It has been reported that hackers use social engineering tactics to port an existing number to another SIM card. With the release of non-SMS two-factor authentication, Instagram will succeed in thwarting such intentions and will be able to better protect over a billion users.