Two-factor authentication, also known as 2FA, is a very useful tool in protecting your account against unauthorized users. Commonly used via SMS, a user that wants to log in first signs in using their username and password; then an SMS with a unique code is sent to their phone to allow access to the account.
What does this call for? You have to ensure that the phone number you registered with 2FA is the active one. Otherwise, you will not receive SMS or Voice authentication 2FA codes. But this puts one at risk of sim hijacking, where a hacker takes control of your phone number and uses that to break into accounts.
Now, Instagram is pushing towards app-based authentication, that won’t use your phone number when verifying if it is you accessing your account. The app will generate a special code that you need to log in, and this won’t be generated on a different phone. This is expected to make it harder for hackers to break into Instagram accounts.
Instagram is finally working on token-based two-factor authentication!! ?
Thank you Instagram! I have been waiting for this since 2016! We finally won't have to rely our account's security on SMS! ? pic.twitter.com/u0iIPTaZO2
— Jane Manchun Wong (@wongmjane) July 17, 2018
Currently, Instagram lets you recover your account and log in on new devices as long as you can confirm your identify via a phone number associated with your account. But, with a growing new form of online theft has resulted in hackers illegally gaining access to a user’s phone number and tying it to a new SIM card, there is need for a change in the 2FA.
How do hackers do this?
The hackers use private information like a social security number, leaked through data breaches, to trick telecom customer service agents into reassigning a phone number to a new SIM. It is then that they can use the phone number and its recovery benefits to reset the owner’s other accounts.