Instagram has announced that it is rolling out a new way to help users secure their accounts if they have been hacked. Called “Security Checkup,” Instagram says that it will guide users through steps to keep accounts as secure as it can.
Security Checkup is a tool that will prompt users to check recent login activity, review profile information, and update contact information in cases where users need to recover accounts. It isn’t clear how often the average user will see the Security Checkup tool appear — which looks as though it pops up upon launch of the app in certain circumstances — but Instagram says it is designed to guide people “whose accounts may have been hacked” through the necessary steps required to secure their information.
While this is an additional method of security, Instagram says that it will work best if combined with other security methods already in place such as enabling two-factor authentication (Instagram strongly recommends this be enabled for all users), enabling login request, and making sure the phone number and email associated with an account are up to date.
Engadget notes that although Instagram does “strongly recommend” users enable two-factor authentication, it is notably not one of the actions the new Security Checkup tool will recommend.
Instagram has said that it will never send individual users a direct message, and the company notes that this is a particular area where it has seen malicious actors attempt to take control of accounts.
“Over the past few months, we’ve seen a rise in malicious accounts DMing people to try and access sensitive information like account passwords. They may tell you that your account is at risk of being banned, that you are violating our policies around intellectual property, or that your photos are being shared elsewhere,” Instagram says. “These messages are often scams and violate our policies. Instagram will never send you a DM. When we discover these kinds of scams, we take action against them. But we also encourage you to report the content and block the account. We’ve sent notices at the top of people’s Inbox to warn them about these messages over the past two months. If Instagram ever wants to reach you about your account, we will do so via the ‘Emails from Instagram’ tab in your settings, which is the only place you will find direct and authentic communication from us on the app.”
Instagram’s full list of recommended security steps all users should take can be found on the Facebook blog.