Instagram Now Offers an Easy Way to Recover a Hacked Account

Instagram Offers a New Account Recovery Mechanism

Instagram has over a billion active users. Some of them think that it's a great way of sharing their holiday memories with their friends. Others use it as a platform for publishing photos of the salad they're about to eat. Others still use their popularity on Instagram to charge thousands of dollars in exchange for posting selfies of themselves using a specific brand of products. Whatever you use Instagram for, you don't deserve to get your account hacked. Yet, many of you do.

A simple Twitter query can tell you the whole story. Instagram accounts get compromised all the time, and the number of unhappy users who can't regain access to their photos and data shows that the recovery process is not exactly flawless. Unusually for a social network run by Mark Zuckerberg, Instagram is listening to what users have to say and is doing something about it.

The problem with Instagram's old account recovery mechanism

Let's start by looking at how compromised Instagram accounts have been recovered so far. After you click the "Forgot password?" link on the social network's login page, you'd be asked for either the email address, the username, or the phone number associated with your account. When you provide it, Instagram would send you a password reset link which, when followed, would give you the chance to assign a new password.

You can probably see why Instagram chose this particular mechanism. It's simple which means that users are unlikely to struggle with it too much, and at the same time, it gives them a reliable way of regaining access to their compromised accounts. This, unfortunately, is only the theory.

The success of the account recovery process is dependent on users having access to the email address or phone number associated with the hacked Instagram account. Making sure that this is not the case is one of the first things on the hackers' to-do list.

Changing the email address and phone number associated with an Instagram profile is very easy, and if your account ever gets compromised, you can bet that this is one of the first things that will happen. If your email or phone number is no longer associated with the compromised account, you have no way of receiving the password reset link. Your only course of action is to contact Instagram directly and ask for assistance which, as hordes of upset users can testify, is easier said than done.

Instagram improves the account recovery process

Last week, Instagram announced that it has seen the flaws and is improving the account recovery mechanism. Android users can already take advantage of it, and it will soon be a part of the photo sharing app's iOS version. On the face of it, the changes aren't that significant. Here's the whole process step by step:

  1. You either click the "Need more help" link or are taken there after multiple failed login attempts
  2. You are asked for an email address or a phone number associated with your Instagram account
  3. Instagram then requests a six-digit code which will be sent to you either as an email or as an SMS
  4. If the correct code is provided, Instagram gives you the chance to assign a new password and regain access to your account

Not much in the way of obvious changes, you have to agree, but there are some more subtle differences that increase the chances of successful account recovery. First of all, when Instagram asks you for a phone number or an email address, you can provide either the ones that are currently associated with the account or the ones you used when you were signing up. In other words, even if hackers change your contact details, they might not be able to completely lock you out.

There is another precaution. The six-digit code you receive will only work on the device you request it from. In other words, if the crooks manage to get their hands on it, they will not be able to use it to reset your password.

The final change is supposed to protect your username. As Motherboard reported last week, catchy Instagram handles fetch some pretty high prices on the underground markets, and the hackers are actively exploiting the business opportunity. They target accounts with attractive usernames, and once they compromise them, they change the aliases in order to make them available again. Then, they quickly create new profiles using the good-looking usernames and sell them to the highest bidder.

To stop this, from now on, Instagram will lock recently changed usernames for an undisclosed period of time which means that their rightful owners will have the chance to get them back more easily.

It's best not to get your account hacked in the first place

Instagram is trying to help people get their accounts back, which is definitely commendable. From a user's perspective, however, you're better off not ending up in a situation where you need to recover your profile at all.

Obviously, it all starts with a strong password. It shouldn't just be any strong password, though. If you're going to protect your Instagram account, you need to put it behind a unique set of login credentials that are not used anywhere else. Your best bet is to use a reliable password management solution that can generate and store strong passwords for all your accounts.

With Instagram's Two-Factor Authentication system, sharing filter-heavy photos with friends and strangers will be an even more pleasant experience. You must make sure that it's enabled.

June 25, 2019

Leave a Reply