How to use Instagram’s new secure two-factor login

By

Here is yet another lazy photographic metaphor for computer security.
Here is yet another lazy photographic metaphor for computer security.
Photo: Jon Seidman/Flickr CC

Instagram has finally added proper secure authentication to its iPhone app. Previously, you could have Instagram send you a one-time login code via SMS every time you signed in. But SMS isn’t secure, making it relatively easy for people to hijack.

Now, you can use your favorite authenticator app — Google Authenticator, for instance — to generate a one-time code any time you need to sign in to Instagram.

What is 2FA?

If you already use 2FA, or two-factor authentication, then you’ll be familiar with the setup. The usual procedure goes like this:

  • The app or website (Instagram, in this case) gives you a long number.
  • You paste this number into the one-time-password section in your authenticator or password app.
  • Sometimes this number is replaced with a QR code, which you scan with the authenticator app.
  • The authenticator app then gives you a one-time, six-digit code, which you paste back into Instagram.

That’s it. 2FA is now set up. When you log in in future, you’ll use your username and password as usual, but you’ll also be prompted for a one-time passcode. To get this code, you just open up your authenticator app, and copy it. The app generates a new code every 30 seconds.

How to set up 2FA in Instagram

The setup begins.
The setup begins.
Photo: Cult of Mac

This part is dead easy. Just open up Instagram, and go to settings (Tap the profile tab, then tap the ≡ icon, and tap Settings) and scroll down until you see the Two Factor Authentication line.

Tap Two Factor Authentication.
Tap Two Factor Authentication.
Photo: Cult of Mac

Then, choose Authentication app from the options:

Choose Authentication app.
Choose Authentication app.
Photo: Cult of Mac

Next, Instagram will ask if you already have an authentication app installed. Possible apps include Google Authenticator, Dashlane, and 1Password.

Tap Set up Manually if you already have an authentication app installed.
Tap Set up Manually if you already have an authentication app installed.
Photo: Cult of Mac

Tap Set up Manually. Instagram will then show you a long code on the screen. Copy this, just like you’d copy any text, and then switch to Dashlane, or whichever app you use. You can also open up an app on your Mac or iPad and do this step there.

Authentication apps and Instagram 2FA

The next step depends on what app you use. In any case, you will either have to open up your existing Instagram entry in your password/authenticator app, or create a new one. Then, find the section for adding 2FA codes, or one-time passwords, and paste in the long code from the Instagram app.

Tap done. Now, you’ll see a countdown timer with a six digit number. This is your one-time passcode. When the timer reaches zero, it resets, and creates a new passcode. Copy it, and return to Instagram. You’ll be prompted to type/paste in this code to confirm setup. Instagram will also send you an email to confirm that you’ve completed the setup.

Then you’re done. The process is very easy, and is totally worth doing because it means that even your username and password aren’t enough to log in to your account. You’ll need your iPhone, too. The process seems complicated here because I’ve described every step in detail, but the reality is pretty straightforward.