Instagram Will Update Two-Factor Authentication to Not Use SMS Codes

According to a new report from TechCrunch, Instagram is working on a new, more secure method of two-factor authentication that would not require a user’s phone number.

The social media platform will supposedly let you authenticate with code-generating apps like Google Authenticator. It seems as though the company has been working on this feature for some time as Engineer Jane Manchun Wong discovered a prototype version of the updated two-factor authentication within an Instagram’s Android APK.


Currently, Instagram lets you recover your account by identifying via a phone number. However, this method is not secure as hackers have been able to illegally gain access to a user’s phone number and tie it to a new SIM card, which they control.

Once hackers have control of your phone number, they can use it to extort a victim for financial gain or even use it to recover benefits from other online accounts.

Many technology companies, like Facebook and Google, have build solutions which protect against vulnerabilities introduced with SMS-based two-factor authentication.