Instagram rolls out two factor authentication
But SMS still a mess.
Hipsters and selfie-lovers will enjoy extra security after Instagram added two-factor authentication to its service.
The security measure is becoming a de facto standard for protecting user accounts by requiring a code generated on a second device to be entered alongside passwords.
Instragram will send a code to user's mobile phones via SMS.
The vector is far from the most secure two-factor authentication method, as telcos' weak authentication checks makes obtaining a victim's phone number easy. In some countries it is relatively easy to use a victim's personal information to convince telcos to forward their phone calls and SMS to an attacker's number.
However that trick is favoured by bank account thieves who port phone numbers to prevent transfer warnings reaching victims. Instagram accounts are likely to be of more interest to spammers and net anarchists rather than financially-motivated hackers.
Which is not to say an Instagram account is not a valuable thing: Artist Rachel Ryle says she lost 35,000 followers after her account was hijacked. Others have lost sponsorships after account hijacking.
More secure two-factor authentication schemes use tools like Google Authenticator that employ SMS as a fallback option when a users's token - usually a smartphone pre-registered as authorised to run an app - is not available. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust