Its surprising how hackers can steal your phone number by assigning it to a different SIM card, then use it to reset your passwords, but now Instagram is working on a new way of authentication.
The traditional 2-factor authentication method relies on an SMS to a phone number isn’t safe from hacking. According to recent reports, by Motherboard, hackers can steal your Instagram account by porting your phone number onto a different SIM card and simply requesting to change your password; all this, without you ever knowing.
To thwart SIM hackers, Instagram is building a non-SMS 2-factor authentication system that will work with security apps like Google Authenticator and more, in order to prevent from SIM-based theft or hacking. The prototype version of the updated two-factor feature has been found in Android version of Instagram’s APK code, which was discovered by tipster Jane Manchun Wong. In a tweet she expressed her excitement over the new discovery, which reads: “Instagram is finally working on token-based two-factor authentication!! “Thank you Instagram! I have been waiting for this since 2016! We finally won’t have to rely our account’s security on SMS.
Although, The non-SMS based 2FA process, which will use third-party authentication apps like Google Authenticator or Duo. These apps generate a code, which is similar to an OTP, but this code cannot be generated on a different phone in case a hacker ports your number to their SIM. The feature will generate new token for a limited time and users can simply use username and password along with the token to securely login into their accounts. An Instagram spokesperson confirmed invading statement that : Instagram is “continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication.
“Any type of number can be ported,” Roel Schouwenberg, the director of intelligence and research at Celsus Advisory Group, told the publication. “A determined and resourced criminal actor will be able to get at least temporary access to a number, which is often enough to successfully complete a heist.”
This easy access to SIM swapping has turned your phone number into a master key that can be easily accessed and temporarily taken control of. While Instagram, which took its sweet time to even offer this kind of 2FA, works on delivering better security options, take your time and set up a security app like Google Authenticator or Duo to protect your Account.
These new 2FA authentication feature is said to roll out soon.