As we posted over on our Instagram Stories yesterday, Instagram has announced two new safety features to help users sift the wheat from the disreputable-account chaff, along with an improved form of two-factor authentication (2FA) that’s stronger than SMS text-based authentication.
Instagram co-founder and CTO Mike Krieger said in the post that the aim is to keep bad actors off the platform:
That means trying to make sure the people you follow and the accounts you interact with are who they say they are, and stopping bad actors before they cause harm.
The two bad-actor-sniffers are 1) a global verification form for notable public figures and 2) a new feature to help users evaluate the authenticity of accounts with large followings.
About This Account
In the coming weeks, users will be able to see more context about Instagram accounts that reach large audiences. Here’s how:
- Go to the account’s profile.
- Tap the menu icon.
- Select
Settings. - Select
About This Account. - There, you’ll be able to check out when the account was created, the country it’s located in, accounts with shared followers, a year-long history of any name changes, and any ads the account is currently running.
This new feature reflects the push for transparency around advertisements and who buys them: a push that arose after Russian conspirators purchased ads on social media to spread disinformation and promote discord-fomenting rallies during the 2016 US presidential election.
Krieger said that this is what the Instagram community is asking for: a way to get a better understanding of accounts that reach a lot of people, particularly when such accounts share information about current events, or political or social causes, for example.
If users stumble across an account that seems to violate the platform’s Community Guidelines, Instagram says that they can report it.
In September, the tool will be made available to accounts with a big reach. Instagram is giving them the chance to review the information before it’s made available to the public.
Getting a “verified” badge
Instagram made available the second account-vetting tool on Tuesday: it’s a new way for accounts with a big reach to request a blue verification badge, via a form within the Instagram app.
Not all accounts are guaranteed to get a badge, Instagram says. Requirements include complying with Instagram’s Terms of Service and Community Guidelines. After that, the platform will review verification requests to confirm the “authenticity, uniqueness, completeness and notability of each account.”
To find out more, check out Instagram’s verification criteria at its Help Center.
To access the verification request form:
- Go to your profile.
- Tap the menu icon.
- Select
Settings. - Choose
Request Verification. - You’ll be asked to provide your account username, full name, and a copy of your legal or business information. Instagram says that information won’t be shared publicly.
Say hello to third-party authenticator apps
Soon, Instagram will enable users to use third-party authenticator apps to log into their accounts: a form of 2FA that’s easier and safer for secure login than SMS text-based authentication.
As we’ve noted before, these are the two big “cons” when it comes to getting your 2FA codes via text:
- A crook can hijack your SMSes with a SIM swap scam. If they can convince a mobile phone shop that they are you, they can get them to issue a replacement SIM encoded with your phone number. Your phone will go dead, and theirs will start receiving your calls and messages, including 2FA codes. An alleged SIM-swap scammer was recently arrested for allegedly stealing $5m in Bitcoin and other cryptocurrencies, for example.
- NIST has declared that we can stick a fork in SMS-based 2FA: it’s done.
Here’s how to set up your Instagram account to use a third-party authenticator app:
- Go to your profile.
- Tap the Menu icon.
- Select
Settings. - Choose
Two-Factor Authentication. - Select
Authentication App. - If you’ve already installed an authentication app, Instagram will automatically find it and send it a login code. In that case…
- Go to the app, retrieve the code, and enter it on Instagram. That will automatically turn on 2FA.
- If you haven’t already installed an authentication app, Instagram will shuffle you on over to Apple’s App Store or Google Play to download the app of your choosing (Sophos has you covered here: consider downloading Sophos Authenticator which is also included in our free Sophos Mobile Security for Android and iOS). Once you’ve installed your chosen authenticator, return to Instagram to continue setting up 2FA.
Boosting Instagram security
These three new tools are a welcome addition to boost Instagram accounts’ security and to provide transparency into the sources of content and who’s advertising what on where. And this is just the start, Krieger promised:
We’ve been focused on the safety of our platform since the very beginning, and today’s updates build upon our existing tools, such as our spam and abusive content filters and the ability to report or block accounts.
We know we have more work to do to keep bad actors off Instagram, and we are committed to continuing to build more tools to do just that.