Protect Ya Neck (and Instagram Pics)
Instagram enabled support for two factor authentication and account verification - giving users an added step to protect their data - in an update to the app this week.
A lot of the people, businesses, and assets that attackers target have obvious inherent value to them: Social Security numbers, credit card and bank account information, confidential corporate data. But some targets aren’t as intuitive and attackers have been able to prey on users who haven’t yet recognized the value of those assets.
High up on the list of perhaps not-so-obvious valuable targets are social media accounts. When platforms such as Twitter, Facebook, and Instagram first became popular among mainstream users, they were generally seen as slightly frivolous diversions, ways to keep friends apprised of what wine you drank with dinner or how many goals your kid scored over the weekend. That’s still how many people treat those platforms, but for many others, those social media accounts have become so intertwined with their daily lives so as to be indistinguishable from actual life.
Attackers have been watching this trend for many years and have been able to take advantage of both the users’ and in some cases the sites’ lack of understanding of how valuable those accounts can be. Low-level cybercrime groups have been taking over swaths of Twitter accounts for years, often through social engineering or simple password resets. And Facebook accounts also are prime targets for some classes of attackers, especially accounts belonging to prominent public figures or organizations. Both of those companies have formidable security teams and considerable resources at their disposal, and they have taken several steps to beef up user account security.
One of the key changes Twitter and Facebook have made is enabling two-factor authentication for users, a move that adds an extra hurdle for attackers trying to perform account takeovers. Both of those platforms offer users a couple of different options for a second factor, including hardware security keys and mobile authentication apps such as Duo Mobile or Google Authenticator. Now, Instagram (which is owned by Facebook) is finally following suit, giving users the option to use authentication apps to protect their accounts.
“This form of two-factor authentication makes it easier and safer for you to securely log into Instagram,” Mike Krieger, CTO and co-founder of Instagram, wrote in a post explaining the change.
“Our mission is to bring you closer to the people and things you love. That closeness can only happen if Instagram is a safe place.”
The new security feature is rolling out to Instagram users over the course of the next couple of weeks, but it’s already started landing for some people. When the 2FA option appears in your account, enable it as soon as you can. Two-factor authentication--especially through hardware security keys or authenticator apps--can make life significantly more difficult for attackers. In addition to 2FA, Instagram also is introducing a couple of other features that are meant to help weed out fake accounts or accounts that might be impersonating celebrities or other popular accounts. Like other social media platforms, Instagram faces a problem with disinformation and influence campaigns. The changes are designed to help address that issue.
“Our community has told us that it’s important to them to have a deeper understanding of accounts that reach many people on Instagram, particularly when those accounts are sharing information related to current events, political or social causes, for example,” Krieger said.
“We know we have more work to do to keep bad actors off Instagram, and we are committed to continuing to build more tools to do just that.”