In a move to offer more assurance in recovering hacked accounts, Facebook-owned messaging app Instagram is testing a new in-app account recovery process, essentially a two-factor authentication tool that will be triggered either when Instagram notes the user is having trouble logging in or by the user clicking “need more help” on the login page.
This test is iOS only; Android is expected to follow soon.
To handle cases where hackers alter the username and contact data linked to an account, Instagram is offering a safeguard that prevents any username from being claimed for a “period of time” after account changes, whether the change is the result of a hack or voluntary.
Users are asked to fill in personal information such as their original email address or phone number, and are then sent a six-digit code at the contact information of their choice, Engadget reported on Sunday.
The new method is intended to ensure account recovery even if the hacker alters the username and contact information linked to the account.
With this process, the photo-messaging app also intends to prevent hackers from using email or phone number codes to take over accounts from different devices, the report said.
As of now, to recover a hacked account, users have to either wait for a recovery email or fill out a support form, making the process time-consuming.
The new recovery process is aimed at letting users recover an account from within the app itself, rather than having to lean on the security team.
Instagram’s decision comes two months after its parent company Facebook admitted to having “fixed a security issue” that had been saving the passwords of 200-600 million users in plain text and “readable” format since 2012; the passwords were also searchable by over 20,000 of its staff members.