(Credit: Instagram)

Given that Twitter has had a formal user verification process for years, and Facebook is currently in the throes of re-examining its own approach to fake news, the latter's subsidiary Instagram is starting to look late to the authenticity party. Its two-factor authentication is currently limited to SMS text messages despite their security issues, and it's been fairly lax about people on the social network actually being who they say they are.

SEE: How Signal and WhatsApp encrypted messages betrayed their secrets in Cohen and Manafort cases

In a post on the company's Info Center, however, Instagram co-founder and CEO Mike Krieger has announced some major changes to the way that the platform handles account authenticity and security. These changes will be rolling out over the next several weeks, so don't panic if you don't see them on your phone or tablet yet.

On the account verification front, Instagram is introducing a feature called About This Account on the profile pages of users who have large followings. This section will publicize when the account was created, its nation of origin, related accounts (based on an overlap of followers), a history of account name changes, and what ads the account is running, if any.

Of course, location data is easily muddied by the use of a virtual private network (VPN), and tying trustworthiness to a person's country of origin can open up a whole can of political worms. But if your goal is to fight the clandestine influence that's gone like a wrecking ball through Facebook and Twitter, then there are worse places to start.

Krieger adds, "Submitting a request for verification does not guarantee that your account will be verified. Once your request has been reviewed, you will receive a notification confirming or declining your request in the notifications tab."

It's not quite clear yet what Instagram users are supposed to do with the additional publicized account information. Should new accounts necessarily be viewed with suspicion? If so, how much? If a user shares a lot of followers with another user whom you don't trust, are they just guilty by association? Verifying people on the Internet is tricky business, and to do it reliably, we may still need more info than Instagram proposes to add.

On the bright side, Instagram is making a major improvement to account login protection.

Instagram gets on the app-based two-factor authentication train

To help protect your login info, Instagram will also be upgrading from SMS-based two-factor authentication (2FA) to the app-based kind, in the wake of the testing it did last month. With 2FA, you use a temporary, one-time code to verify your access, after you've entered your user name and password. But SMS texts can be intercepted, or they can fail to arrive altogether.

With app-based 2FA, your codes are generated on your device, so you don't have to worry about what happens to them on their way to you. Krieger says that Instagram will now work with the third-party code generator of your choice; we recommend Google Authenticator, which you can get for both iOS and Android.

FOLLOW Download.com on Twitter for all the latest app news.

Authy is a popular alternative, but it puts your codes in the cloud to make them accessible to any authorized device, and with this convenience comes less security. If someone gets into your Authy account, they can get your 2FA codes without you knowing. Of course, if you lose the device where you have Google Authenticator installed, then you also lose access to your 2FA codes. However, you can print out a list of codes and store them in a safe place.

Enabling any form of 2FA in the Instagram app will present a list of backup codes and the option to copy them to a text file or to take a screenshot of them. To enable 2FA, tap the Profile button in the bottom right, then the hamburger button in the upper right, then the Settings button back down on the bottom right to access your app settings. Then scroll down to Two-Factor Authentication, tap it, and tap the slider next to Require Security Code.

If you're using Instagram's default SMS-based 2FA, then the Instagram app will send you a 6-digit code via text message, which you enter into the app to verify that you've received it. If you decide not to get backup codes at this time, you can do so later by tapping Get Backup Codes in the Two-Factor authentication section of the app.

When your app gets updated for the new 2FA method, there will be an option in the 2FA section called Authentication App. This will send a code to Google Authenticator (or whichever code generator app you've installed), which you enter into the Instagram app to finish the setup process. If you don't have a code generator, Instagram will send you to the Google Play Store on Android, or the App Store if you're using an iPhone or iPad.

The takeaways

  • Instagram is adding app-based two-factor authentication to help protect your account. If you don't have a 2FA code generator, we recommend Google Authenticator for iOS and Android.
  • Instagram is also adding a profile page section called About This Account that will provide more info about the user, such as when their account was created, and what country they log in from.

Also see

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.