Instagram is working on a new two-step verification option that will help protect users from SIM hackers, according to a new report. The platform’s existing verification system works by sending a code to the user’s phone via an SMS, but the upcoming system will rely on an authentication app like Google Authenticator. Confirmation of the new option follows a report earlier today highlighting SIM hijacking.
In a report earlier today, Motherboard detailed hackers that are SIM hijacking Instagram users to reset their account passwords. This leaves the user exposed even if they have two-factor verification enabled because Instagram’s present system relies on texting codes.
Instagram is working on a solution to the problem, it has told TechCrunch, and it’ll come in the form of authenticator apps instead of SMS codes. The verification method, assuming it is used, eliminates the SIM hijacking risk by delivering the authentication code within the app instead of through a text; this code can’t be generated using a different phone.
A prototype of the non-SMS verification system has been discovered in Instagram’s Android app. Instagram confirmed that it is working on the system, but details are slight. Screenshots of the prototype system indicate that SMS verification codes will remain an option for users who want or need them. The company didn’t say when it plans to release the new non-SMS 2FA option.