As Facebook dealt with the fallout from the Cambridge Analytica scandal, coupled with a host of other weighty issues — Russian election interference, fake news, and harassment — there was an underlying question on the minds of many in the tech community: What about Instagram? How long could the Facebook-owned social media app sidestep the challenges and criticisms facing its parent company?
The truth is, Instagram has long had its own problems. These issues — including bots, celebrity imposter accounts, and susceptibility to hackers — are not unique to the social media platform, but they are serious ones all the same. At the end of July, Instagram was further drawn into the Facebook scandal, when the company announced it had removed accounts and ads involved in “coordinated inauthentic behavior” from both social media platforms. Last week, over 600 more pages, groups, and accounts were removed for the same reason.
Today, however, Instagram is taking a stronger stance and bolstering its defenses with three new safety measures meant to prevent hacks and fight fake accounts.
The one that will likely excite users the most is increased access to verification. Though the elusive blue check mark has long been deemed a status symbol on the app, its original intent was far more practical: Instagram introduced verification in 2014 as a way for users who were at the highest risk of impersonation — usually A-listers and prominent public figures — to let followers know which account was their real account.
Before now, no one could request a blue check. Starting today, anyone can.
To request verification, tap Menu > Settings > Request verification. You will need to include a photo of a government-issued photo ID or business documents, such as a tax filing or utility bill.
In a blog post announcing the safety updates, Mike Krieger, Instagram’s co-founder and CTO, noted that just because someone requests verification does not guarantee they will get it. The purpose of verification — to let you “know that the account you are interacting with is the authentic presence of a notable public figure, celebrity, global brand, or entity” — remains the same, and the post says Instagram will look to “confirm the authenticity, uniqueness, completeness, and notability of each account” when reviewing requests. However, it is unclear how the company defines those qualities.
Also included in today’s safety announcement is a new “About This Account” tool that will roll out to users in coming months. The thinking behind this feature seems to be tied to concerns surrounding fake news, a major problem plaguing Facebook: “Our community has told us that it's important to them to have a deeper understanding of accounts that reach many people on Instagram, particularly when those accounts are sharing information related to current events, political, or social causes, for example,” Krieger wrote.
When you go to an account’s Profile, tap Menu > About This Account. You will see information including when the account was created, its location, any former usernames, accounts with shared followers, and ads the account is running. Only public accounts with a large reach will have the new feature and these accounts will be able to review the information in September, before “About This Account” is rolled out worldwide.
Lastly, Instagram is introducing a new, more secure kind of two-factor authentication. Instagram first introduced two-factor, SMS-based authentication in 2016, but the system isn't foolproof. Hackers can perform what's called SIM hijacking to take control of someone's phone number, get the texted code, and access the account. Earlier this summer, Vice reported this was happening to Instagram users, and Reddit's two-factor, SMS setup was also hacked this past June.
In the coming weeks, Instagram will let users set up two-factor authentication through a third-party authentication app such as Google Authenticator or LastPass Authenticator. These apps create random codes that change every minute, can be accessed without an internet connection, and are far less susceptible to interception by hackers.
To switch your two-factor authentication on Instagram from text message to an authentication app, go to your profile > Menu > Settings > Authentication App. You will be prompted to download a third party app to your phone, if you haven't already, and will be asked enter the provided code before the setup is complete.
While these three new safety measures do not make Instagram immune to imposter accounts and hackers, who constantly come up with new ways to game the system, they should go a long ways towards creating a more secure user experience.