Should you use Two-Factor Authentication on Instagram?

Your Account Has Been Hacked!

It’s one of the worst nightmares that many of the users face at least once in their lifetime throughout their online experiences, and who knows?

“You could be next!”

Instagram has been investing ‘billions of dollar’ on user security every single year to check the amount of fraud and illicit activities happening on the platform. Therefore, in 2018 the gram team launched a security feature named as “Two Factor Authentication” or “2FA” to comply with their promises. Two Factor Authentication added a cushion between user’s account and malicious hackers that made it difficult for them to bypass the code. Although 2FA isn’t a security cure-all, it at least made Instagram hacking much harder than it was before.

What is Two Factor Authentication?

Two-factor authentication ( also known as 2FA) is a security feature that users must set up to add an extra layer of protection to their account. It protects the account from cyber-criminal that could be trying to creep into the user’s personal information such as profile pictures, chats, comments, and much more.

2FA asks users to enter a unique login code, likewise referred to as “recovery code” and verify login effort every time the user tries accessing the account from mobile or laptop other than they generally use.

After you activate 2FA, Insta sends a code to your opted choice (Text or Authenticator app) that users can use to log into their account from devices gram doesn’t identify.

If the code can’t be sent out due to connectivity or distribution problems, users can still complete the process with recovery codes.

The only mandate for users is that they must be logged in to their Instagram account to access such new codes or get a new listing.

Therefore, individuals must copy the codes to their clipboard, take a screenshot of them or save them on Google Drive or someplace so that they’re readily available when they desire to log into Instagram.

How to switch on Two-factor Verification?

In order to get a list of recovery codes for your account:

  • Go to your profile and tap on the top right corner of the screen.
  • Tap Settings.
  • Tap Security, then tap Two-Factor Authentication.
  • Tap Recovery Codes.

How to cancel your recovery codes, and why do it?

Generally, it is not advised to change your recovery codes regularly; else you may wind up confused with a pile of screenshots as well as thinking which are the existing ones. Nonetheless, I would advise altering your codes instantaneously if you are dubious regarding somebody that could have seen or stolen your codes.

Here are the steps to do it-

  • Go to your profile and tap on the top horizontal lines right corner of the screen.
  • Tap Settings.
  • Tap Security, then tap Two-Factor Authentication.
  • Tap Recovery Codes, then tap Get New Codes.

Types of Two Factor Authentication

Currently, there are two types of two-factor authentication methods that users can try to protect their Instagram account.

1: Text message (SMS) codes

Gram users are asked to choose either text message (SMS) codes or a third-party authentication app as your primary security method when you turn on two-factor authentication.

In the event that you choose to use text message (SMS), you’ll be sent a text message (SMS) with an exclusive 6-digit security code each time you try logging into your Instagram account from a device Instagram fails to acknowledge.

To activate text message (SMS) login codes for your mobile phone:

  • Go to your profile and tap three horizontal lines on the top.

    Two Factor Authetication On Instagram

    Two Factor Authentication via Text

  • Tap Settings.
  • Tap Security > Two-Factor Authentication.
  • Tap Get Started.
  • Tap next to Text Message.
  • If your account doesn’t have a valid phone number, you’ll be asked to enter one. After entering the phone number, tap Next.

2: Login codes from a third-party authentication app (such as Duo Mobile or Google Authenticator).
Two Factor Authetication On Instagram

2FA via Authentication Apps

One can even use third-party authentication app as your primary security method when you turn on two-factor authentication. Using these third-party authentication apps users can generate login codes that will help Instagram confirm when they would try logging in from a new device for the initial time.

In order to use a third-party authentication app for login codes:

  • Go to your profile and tap the three horizontal lines icon on top.
  • Tap Settings.
  • Click on ‘Security’ and scroll down to tap ‘Two-Factor Authentication’.
  • In case you haven’t already turned two-factor authentication on, tap Get Started.
  • Then tap next to Authentication App, and follow the on-screen instructions.
  • You will receive a confirmation code from the third-party authentication app that you can enter the confirmation code to complete the process.

Turning on two-factor authentication on Instagram for multiple devices?

In case one uses a third-party authentication app (Google Authenticator, Duo Mobile), they can set up 2FA manually for your Instagram account that is going to generate a key users can use to establish two-factor authentication for each of their other devices. Your Instagram key would work even if you use multiple authentication apps on the same device.

How to do it?

Here are the step of setting up two-factor authentication manually:

  • Go to the profile section and click settings on the top right corner of the screen.
  • Tap on security and then scroll down and tap Two-Factor Authentication.
  • Then tap next to Authentication App, and select set up manually. Click on Get Started, if you don’t see the toggle switch.
  • Copy your key and paste it into your Google Authenticator app.
  • Copy the key code somewhere, take a screenshot and keep it in your gallery, or save it in some other way as Insta doesn’t allow reaccess the code once you’ve finished setting up.
  • Now go back to the gram app, and tap Next. Then paste the 6-digit code to complete the process on that device.


Following you’ve set up two-factor authentication on the first device, you’ll send the Instagram key to your various other devices and set up two-factor authentication from there.

Moreover, when it comes to multiple devices, users only need to complete the entire process of setting up two-factor authentication on your primary device. For additional devices, user can insert the Instagram key generated via their first device into the authentication apps on each additional device and link their Instagram account to it.

Difference between IG Key and Recovery Codes?

An IG key is a code that’s generated when users manually set up 2FA on a device. IG key is used to set up two-factor authentication across multiple devices. While on the other hand, recovery codes are the code that users can use as a backup if they can’t access their 6-digit code generated by your authentication app.

Should you use Two-factor Authentication?

According to me, 2FA is absolutely a fantastic feature that every single user on Instagram should use. However, you should take care of a few things before using this feature as you may end up losing your account permanently like once I did.

So basically, here is what happened that caused me to lose my account-

  • My Two-factor authentication was on.
  • I opted for Two-factor via text (Phone Number- *******909, that I used 5 years ago that no longer worked)
  • The screenshot of my recovery codes was in the gallery.

One not so fine day, my old Samsung phone died!

I tried to get it repaired, but I could not. It completely stopped!

I lost my recovery codes that were stored in the gallery. I didn’t have the option to get codes via text as my number didn’t work anymore.

When I logged into my account from a new phone, the app continuously asked for recovery codes to log in. I had no backup code as all the data from the gallery was lost; neither did my sim card work that was associated with 2FA.

Unfortunately, I had no option but to make a new account.

What can you learn from these mistakes?

  • Update the mobile number on Instagram that you currently use (primarily if you use 2FA via text).
  • Use Google Authenticator if possible (your sim might not work for the next few years, but you can rest assured Google will.)
  • Remember one or two codes, or upload the screenshot of recovery code on your personal Google Drive account so you can log in to your Google account and use them even when your device isn’t with you.


I know whatever I did was quite stupid, and many of the bloggers might not have mentioned their names even if it happened with them for the fact we are at a sitting where most people have the expected illusion that-

“The one who writes about these apps and features makes no mistakes.”

Everyone does!

So did I.

However, as you are my reader, you should not.

Btw, what are your thoughts about ‘Two Factor Authentication’? Do you use it?

Let me know in the comments section below and please share if you found this helpful.

Till then?

See you next time!


Note- One should have a confirmed cell phone number when it comes to your Instagram account to use text messages (SMS) two-factor authentication. It becomes the confirmed number for your account when you enter a telephone number to turn on two-factor authentication




Leave a Reply

Your email address will not be published. Required fields are marked *