Social Media
Instagram is building non-SMS 2-factor auth to thwart SIM hackers
Hackers can steal your phone number by reassigning it to a different SIM card, use it to reset your passwords, steal your Instagram and other accounts and sell them for bitcoin. As detailed in a harrowing Motherboard article today, Instagram accounts are especially vulnerable because the app only offers two-factor authentication through SMS that delivers a password reset or login code via text message.
But now Instagram has confirmed to TechCrunch that it’s building a non-SMS two-factor authentication system that works with security apps like Google Authenticator or Duo. They generate a special code that you need to log in that can’t be generated on a different phone in case your number is ported to a hacker’s SIM card.
Buried in the Instagram Android app’s APK code is a prototype of the upgraded 2FA feature, discovered by frequent TechCrunch tipster Jane Manchun Wong. Her work has led to confirmed TechCrunch scoops on Instagram Video Calling, Usage Insights, soundtracks for Stories and more.
When presented with the screenshots, an Instagram spokesperson told TechCrunch that yes, it is working on the non-SMS 2FA feature, saying, “We’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication.”
Instagram actually lacked any two-factor protection until 2016 when it already had 400 million users. In November 2015, I wrote a story titled “Seriously. Instagram Needs Two-Factor Authentication.” A friend and star Instagram stop-motion animation creator Rachel Ryle had been hacked, costing a lucrative sponsorship deal. The company listened. Three months later, the app began rolling out basic SMS-based 2FA.
But since then, SIM porting has become a much more common problem. Hackers typically call a mobile carrier and use social engineering tactics to convince them they’re you, or bribe an employee to help, and then change your number to a SIM card they control. Whether they’re hoping to steal intimate photos, empty cryptocurrency wallets or sell desirable social media handles like @t or @Rainbow as Motherboard reported, there are plenty of incentives to try a SIM porting attack. This article outlines how you can take steps to protect your phone number.
Hopefully as knowledge of this hacking technique becomes more well-known, more apps will introduce non-SMS 2FA, mobile providers will make it tougher to port numbers and users will take more steps to safeguard their accounts. As our identities and assets increasingly go digital, it’s pin codes and authenticator apps, not just deadbolts and home security systems, that must become a part of our everyday lives.
25 most underrated TV shows on Netflix
Every ‘Doctor Who’ Easter egg found in ‘Joy to the World’
‘Better Man’ review: All hail Robbie Williams, a chimp for all seasons
Is ‘Blink Twice’ streaming anywhere? Here’s what you need to know.
Greatest films by women creators on Netflix
Beyoncé’s Christmas halftime show on Netflix: What to know about the NFL event
2024: A year of digital organizing from Palestine to X
Should you buy the 2024 Kindle Paperwhite Signature Edition?
Mars is littered with junk. Historians want to save it.
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
Black Friday Ninja deals: Ninja Slushi in stock, plus the Creami and air fryers on sale
‘A Complete Unknown’ review: Timothée Chalamet infuriates as Bob Dylan
Bluesky can learn from Twitter’s early mistakes
Greatest Cyber Monday streaming deals 2024: Save up to 90% on Hulu, Peacock
Greatest post-Cyber Monday deals 2024: Shop Amazon, Greatest Buy, Target, more
Apple Black Friday deals 2024: Amazon has record-low prices
Amazon Black Friday laptop deals: Shop record lows on M3 MacBook Air, Microsoft Surface Laptop 7
2025 movie preview: All the films you’ll want to know about
Guided gratitude meditations: 6 free tracks to help you feel grounded
Greatest Cyber Monday deals 2024: Shop Amazon, Greatest Buy, Target, more
25 most underrated TV shows on Netflix
Every ‘Doctor Who’ Easter egg found in ‘Joy to the World’
‘Better Man’ review: All hail Robbie Williams, a chimp for all seasons
Is ‘Blink Twice’ streaming anywhere? Here’s what you need to know.
Greatest films by women creators on Netflix
Beyoncé’s Christmas halftime show on Netflix: What to know about the NFL event
2024: A year of digital organizing from Palestine to X
Should you buy the 2024 Kindle Paperwhite Signature Edition?
Mars is littered with junk. Historians want to save it.
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment7 days agoPolyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment6 days ago‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment5 days ago‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment5 days agoMars is littered with junk. Historians want to save it.
-
Entertainment6 days agoCES 2025 preview: What to expect
-
Entertainment4 days agoShould you buy the 2024 Kindle Paperwhite Signature Edition?
-
Entertainment3 days agoBeyoncé’s Christmas halftime show on Netflix: What to know about the NFL event
-
Entertainment3 days ago2024: A year of digital organizing from Palestine to X
