Instagram for Android users: Medium privacy set

How to keep your account from getting hacked

Set a strong password

What for: So you don’t get hacked.

If you use a short and simple password for your Instagram account, cybercriminals can guess it and hijack your account. The more complex and longer the password, the stronger it is. Use a strong password that:

  • Consists of 8–20 characters.
  • Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.).
  • Is not an actual word or easy-to-guess phrase.
  • Is not the same as your passwords for any other accounts.
  • Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, etc., or those of your relatives and friends).

To change your password:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Security section.
  4. Select Password.
  5. If the system sends you a message to the e-mail address linked to the account, open it, tap the button, and set a new password.
  6. If the form for changing the password opens, enter the old password and then enter the new password twice.
  7. Tap the confirmation icon in the upper right corner of the screen.

Enable two-factor authentication

What for: For better protection against hacking.

Instagram can prompt you to enter an additional one-time code when you log in to the account. Even if cybercriminals find out your login and password, they will not be able to use them without this code. The code can be received in a text message or using an authentication app.

Keep in mind that Instagram can use the phone number you specified for one-time codes for its own purposes, for example to show you targeted ads.

To enable two-factor authentication:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Security section.
  4. Select Two-Factor Authentication.
  5. Tap Get Started and choose a method for receiving the one-time code:
  6. Text message to phone.
  7. Instagram will send a code to the phone number linked to the account. Enter it in the window that opens and tap Next.
  8. A code generated by another app, such as Google Authenticator.
  9. Start the app you have chosen for two-factor authentication and follow the on-screen instructions.

Authentication apps are generally considered the safer option for two-factor authentication. A text message with the code can be intercepted by infecting the smartphone with malware or by exploiting a communication protocol vulnerability.

Check the security of your account

What for: To detect and stop any suspicious activity before it’s too late.

You can view information about all of your account activity and take steps if you detect suspicious activity.

To view the login history and other data of your account:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Security section.
  4. Select Access Data.
  5. View information about your account activity. Pay close attention to the Account Activity section that contains a history of logins into your account. 

Disable account syncing

What for: To prevent the loss of one account from causing the loss of all other accounts.

Instagram lets you link your account to profiles on other platforms. This lets you share your posts on other social networks automatically. If cybercriminals hack your Instagram account, they will be able to publish posts on your behalf on related networks. Meanwhile, if cybercriminals find out the login and passport for your Facebook account, they will be able to hijack your Instagram account.

To disable account syncing:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Account section.
  4. Select Linked Accounts.
  5. Tap the names of social networks that have a blue check mark next to them one at a time, and in the window that opens tap Unlink Account.

Downside: After disabling account syncing you will no longer be able to post on several social networks at once automatically. You will also no longer be able to restore access to Instagram using your Facebook profile.

How to keep Instagram out of your business

Stop Instagram from accessing your contacts

What for: So Instagram does not know more than it needs to.

Instagram requests your phone’s contact list to help you locate people you know on the social network. The service also collects information about your contacts to generate targeted ads and form your news feed. Since such data is passed on to others, including third parties, there is an increased risk of data leaks.

To stop Instagram from using your contact list:

  1. Open Settings on the device.
  2. Go to the Apps & notifications section.
  3. Tap See all apps and select Instagram in the list.
  4. Select Permissions.
  5. Disable the Contacts option.

Downside: Without access to your contact list, Instagram will no longer be able to recommend following the accounts of your friends from the list.

If such apps as Facebook, Messenger, and WhatsApp, which are owned by Facebook, have access to the contact list, the social network can still use that information.

Keep in mind that you have to disable access to contacts on all your devices with contact lists.

You can check which contacts are already uploaded to your accounts and remove any unwanted information here:

Limit access to location data

What for: So Instagram does not know where you go.

Instagram tracks your location to suggest geotags for your posts, generate targeted ads, and suggest hangouts. Transmission of such data compromises your privacy, increases traffic usage, and drains the battery. You can stop Instagram from accessing device GPS data.

To stop Instagram from tracking your location:

  1. Open Settings on your device.
  2. Go to the Apps & notifications section.
  3. Tap See all apps and select Instagram in the list.
  4. Tap Permissions.
  5. Disable the Location option.

How to defeat spammers and trolls

Limit the ability to comment on your posts

What for: To remove irrelevant comments.

By default, all Instagram users can leave comments under your posts, an ability that spammers and trolls abuse.

To limit comments on all future posts:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Comments.
  5. Open the Allow Comments From menu and select who can comment on your posts.
  6. Everyone
  7. People You Follow and Your Followers
  8. People You Follow
  9. Your Followers
  10. You can also stop specific users from commenting on your posts. Open the Block Comments From menu and select users from whom you prefer not to receive comments.

If you have a private account, only approved followers can comment on your posts.

You can also stop users from commenting on existing posts or specific new posts.

To do so:

  1. When creating a new post, tap Advanced Settings.
  2. Enable the Turn Off Commenting option.

To disable comments under a post that has already been published:

  1. Go to your profile.
  2. Open the relevant post.
  3. Tap the three-dot icon next to your name.
  4. Select Turn Off Commenting.

Get rid of offensive comments under your posts

What for: So as not to waste time and brain cells on cleaning up comments.

By default, Instagram blocks potentially offensive comments using a built-in filter. However, you can add a custom list of forbidden words, phrases, numbers, or emoji.

To do so:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Comments.
  5. Enable the options:
  6. Hide Offensive Comments — to enable the built-in Instagram filter.
  7. Manual Filter — to add to the filter a custom list of words and symbols.
  8. Filter Most Reported Words (this item appears after you activate Manual Filter) — to add to your filter the words and symbols that are blocked most often by other users.

Disable automatic publication of tagged posts on your profile

What for: To control what appears on your profile.

Instagram users can tag you in photos and videos in their posts. By default, such posts automatically appear on your profile and become visible to all users. Disable this feature if you want to decide what posts to show to your followers.

To stop automatic publication of such posts on your profile and hide posts that have been published already:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Tags.
  5. Disable the Add Automatically option.
  6. Tap Hide Photos and Videos and select the posts that you want to hide from your profile.

How to hide posts from unwanted people

Configure visibility of stories

What for: So that only your close friends have access to your stories.

By default, your stories are visible to all followers. However, you can stop specific users from viewing them. This can be helpful if you use stories to post personal photos and videos that you do not want to share with everybody.

To configure visibility of stories:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Story.
  5. Tap the number of people next to Hide Story From.
  6. In the window that opens, select the followers from whom you want to hide your stories. Tap the check mark in the upper right corner of the screen.

You can also limit the viewing of your stories to your list of close friends.

To create or edit this list:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Close Friends.
  5. Tap the Start button.
  6. Tap the Add button next to the relevant followers.

To make a story visible only to close friends, while publishing the story tap the green icon with a star at the bottom of the screen.

Stop other people from using your posts and stories

What for: To prevent your posts from getting shared beyond the intended audience.

By default, other Instagram users can add your posts to their stories and IGTV videos as well as publish materials from your stories in their Instagram and Facebook posts. You can stop others from using your posts.

To do so:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Story.
  5. Disable the following options in the Sharing section:
  6. Allow Resharing to Stories — to stop other users from adding your posts to their stories.
  7. Allow Sharing — to stop other users from sharing your stories as messages.

Share Your Story to Facebook — to stop automatic reposting of your story to Facebook.

How to keep your personal data hidden

Make your account private

What for: To prevent cybercriminals from getting hold of your personal information.

By default, your posts are visible to all Instagram users. Search engines can also include your posts in search results. If your profile is public, information in posts can be used against you. For example, information about your personal life can help telephone fraudsters make up a convincing story to steal money from your bank accounts.

You can make your account private to make your posts visible only to approved followers.

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Account Privacy.
  5. Enable the Private Account option.

Existing followers will still be able to see your posts. You can remove those followers with whom you do not want to share your posts.

To do so:

  1. Go to your profile and tap the number of followers at the top of the screen.
  2. Find the user whom you want to remove and tap the three dots next to the Follow or Following button.
  3. Tap Remove in the window that opens.

The user will not be notified that you have removed them from your list of followers.

Keep in mind that when you share a post from a private Instagram account on a different social network, post visibility will depend on the settings of the other social network, not Instagram.

How to clean up other traces of your presence

Remove stored bank card and e-wallet data

What for: To keep your money.

Instagram users can spend money directly on the social network: for example, to buy ads. To this end, Instagram requests and stores details of a bank card or PayPal account. However, if your account gets compromised by a leak or gets hacked, your financial info can end up in the hands of cybercriminals.

To remove stored bank card and e-wallet data:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Payments section. If you do not see this section, you do not have any cards or accounts linked to your account.
  4. Select Payment Methods.
  5. Tap a card or PayPal account in the list and tap Remove.

Downside: You will not be able to order ads or make purchases on Instagram. However, you can still buy goods on stores’ pages if they process their own payments.