Achieving results on Instagram is not easy (as often claimed). It not only requires a lot of time but also energy, sacrifices, and investments, whether for sponsored posts, social media management, content creation, or even just staying updated by purchasing courses or coaching sessions.
For many people, an Instagram profile represents a real work asset, playing a fundamental role in their business’s economy, without which they would suffer a significant blow. But even if this is not your case, we’re sure you wouldn’t like to lose all your memories of the past years overnight, or have a stranger freely browsing through your private and personal content.
This is why it’s crucial to take all necessary measures to protect your account before it’s too late. In this guide, we will explore in detail all the settings and methods to secure your Instagram profile, ensuring you have peace of mind (if you follow all the advice).
1. Use a strong password
Let’s start with the basics before moving on to more advanced settings. The password is the first line of defense against unauthorized access. Many users underestimate the importance of a strong password, opting for simple and easily guessable combinations (yes, even you who know these rules well but consistently ignore them for fear of forgetting the password). Here’s how to create a truly secure password:
- Length: a good password should be at least 12 characters long. The longer it is, the harder it is to guess;
- Complexity: use a combination of uppercase and lowercase letters, numbers, and symbols. For example, “P@ssw0rd!2023” is much more secure than “password123”;
- Uniqueness: avoid using the same password for multiple accounts. If a hacker gets hold of one password, they could easily access others;
News: Instagram now guides you in choosing a password to help you find one that even the best hackers can’t figure out unless you give it to them: keep reading to learn more. In addition, there’s two-factor authentication and updating contact information for password recovery. You can also rely on a password manager, which can generate and securely store complex passwords for you, eliminating the risk of forgetting them.
2. Enable two-factor authentication (2FA)
Two-factor authentication (2FA) is an additional layer of security that requires a verification code sent to your phone or generated by an authentication app, along with your password. This means that even if someone manages to discover your password, they cannot access your account without the verification code.
To enable 2FA on Instagram:
- Go to settings > Accounts centre > Password and security > Two-factor authentication
- Follow the instructions to set up your preferred security method: you can choose to receive the code via SMS or through an authentication app like Google Authenticator.
If you choose the SMS method, you will also be given backup codes. These are useful if you can’t receive or don’t get the SMS: to access your account, you just need to enter one of these codes. Save or write them down in a safe place.
You can retrieve your backup codes at any time by following these steps:
- Go to settings > Accounts centre > password and security > two-factor authentication
- Select the profile you want > other methods > backup codes
However, between the two methods, our advice is to use an authentication app. It’s not only the most secure option but, from personal experience, it’s too often that Meta’s SMS doesn’t arrive, risking being locked out of your profile.
If you have already enabled two-factor authentication via SMS and want to add an authentication app – we recommend Google Authenticator (Android – iOS) – here are the steps you need to follow:
- Go to settings > Accounts centre > Password and security > Two-factor authentication > Select the profile
- Tap “authentication app” in the “add a backup method” section
- Follow the instructions provided to link your authentication app
- Enter the code provided by the authentication app
3. Check login activity
Instagram allows you to view all devices that have logged into your account, a useful feature for identifying any unauthorized access. If you notice suspicious activity, you can immediately log out of those devices.
To check login activity:
- Go to settings > Accounts centre > Password and security > Where you’re logged in
Once you select the profile, you’ll see a list of devices and locations from which access was made. If you recognize all the activities, you’re safe. If not, log out of the suspicious devices and change your password.
Note: Meta’s geolocation isn’t great. This means you might find locations that are even 100km away from where you were when you logged in. Before panicking, check the date, time, and type of device used as well!
4. Review connected apps
Third-party apps connected to your Instagram account can pose a security risk, especially if they are not reliable. It’s good practice to periodically review these connections and revoke access to those you don’t recognize or no longer use.
To manage connected apps:
- Open your Facebook profile > Tap on your profile picture at the top right > Settings and privacy > Business integrations (or click here)
- Review the list and remove access to unauthorized apps
5. Security alerts
If a suspicious-looking profile tries to follow your account or send you a DM, Instagram will show you a warning to remind you to be cautious. If you venture into a “suspicious” link, you will receive a pop-up warning to help identify potential scams. In short, Instagram acts as your “personal trainer” for digital security.
No action is required on your part to activate this setting!
6. Contact email
Another important measure is to use a contact email different from the one you use to log into your Instagram profile. This reduces the risk that someone can easily access your information.
Simply put: the email linked to the “email” button in your bio should be different from the one you used to create your Instagram profile. The same goes if you decide to add a phone number.
Believe it or not, one of the main reasons users lose their Instagram profile is that they themselves provide their login details to malicious people. By setting a different email as a contact method, you can immediately notice if the communication you received is on the wrong email (contact) or the correct one (login).
7. Verify received messages
The ultimate measure: it will remove any doubt whether the message you received is truly from Instagram or a scammer.
Always verify that all messages and emails you receive are genuinely from Instagram. You can do this by going to profile settings and checking the section dedicated to emails sent by Instagram.
- Go to settings > Accounts centre > Password and security > Recent emails > Select the profile > Enter your password
Review the list, and if the email you just received isn’t there, you’ve intercepted an attempt to steal your profile!
Remember: Instagram will never send you an email to obtain the blue checkmark.
Hacked profile: how to recover it
Are you reading this article too late and your profile has already been stolen or you can’t access it anymore?
Among the latest security updates, there is one regarding hacked profiles. If you encounter problems accessing your account, you can visit instagram.com/hacked to resolve them by filling out the form and attaching your document. Verified profiles can also access a dedicated real-time support chat.
Conclusion
It’s true, securing your Instagram profile requires some steps, but it can make a big difference in protecting your personal information and business. Repeatedly, remember: it’s often the users themselves who provide their login details to scammers and hackers. Verify any communication that seems to be from Instagram, keeping in mind that performing actions outside Meta apps (Facebook or Instagram) should raise a red flag!