To keep accounts out of hackers' hands, passwords were supplemented with an extra layer, two-factor authentication (2FA), which verifies your identity with one-time passwords (OTPs) sent to your SMS inbox. However, with the threat of SIM hackers now on the rise, Instagram is upgrading its 2FA process to a non-SMS one.
According to a recent article by Motherboard, Instagram accounts are very vulnerable to hackers stealing your passwords because the app only uses 2FA through SMS. These one-time passwords, sent to you by SMS, can be used both to log in and to reset the password altogether.
However, per the recent update that comes via TechCrunch, Instagram is working on a non-SMS-based 2FA process, which will use third-party authentication apps like Google Authenticator or Duo. These apps generate a code that is similar to an OTP, but this code cannot be generated on a different phone if a hacker ports your number to their SIM.
Yes, hacking a SIM is that simple. Even when you have your phone and SIM with you, a hacker can simply re-assign your number to their SIM, so that all the OTPs sent to your inbox are received by them too.
But with the non-SMS 2FA, Instagram is aiming to avoid this very issue of SIM hackers receiving the same messages that are sent to your SMS inbox.
With the upgraded system, the app will also be able to tell when you log in to your Instagram account from a computer or phone it doesn’t recognise.
Do note, though, that the option to use SMS-based 2FA will still remain.