Instagram for iPhone users: Medium privacy set

How to keep your account from getting hacked

Set a strong password

What for: So you don’t get hacked.

If you use a short and simple password for your Instagram account, cybercriminals can guess it and hijack your account. The more complex and longer the password, the stronger it is. Use a strong password that:

  • Consists of 8–20 characters.
  • Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.).
  • Is not an actual word or easy-to-guess phrase.
  • Is not the same as your passwords for any other accounts.
  • Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, etc., or those of your relatives and friends).

To change your password:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Security section.
  4. Select Password.
  5. If the system sends you a message to the e-mail address linked to the account, open it, tap the button, and set a new password.
  6. If the form for changing the password opens, enter the old password and then enter the new password twice.

Tap Save.

Enable two-factor authentication

What for: Stronger protection from hacking.

Instagram can prompt you to enter an additional one-time code when you log in to your account. Even if cybercriminals find out your login and password, they will not be able to use them without this code. The code can be received by text message or using an authentication app.

Keep in mind that Instagram can use the phone number you specified for one-time codes for its own purposes, for example to show you targeted ads.

To enable two-factor authentication:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Security section.
  4. Select Two-Factor Authentication.
  5. Tap Get Started and choose a method for receiving the one-time code:
  6. text message to phone.
  7. Tap Next.
  8. Instagram will send a code to the phone number linked to the account. Enter it in the window that opens and tap Next.
  9. A code generated by another app, such as Google Authenticator.
  10. Start the app you have chosen for two-factor authentication and follow the on-screen instructions.

Using an authentication app for two-factor authentication is safer than using SMS authentication. A text message with the code can be intercepted by infecting the smartphone with malware or by exploiting a communication protocol vulnerability.

Check the security of your account

What for: To detect and stop any suspicious activity before it’s too late.

You can view information about all of your account activity and take steps if you detect suspicious activity.

To view the login history and other data of your account:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Security section.
  4. Select Access Data.
  5. View information about your account activity. Pay close attention to the Account Activity section, which contains a history of logins to your account. 

Disable account syncing

What for: To prevent the loss of one account from causing the loss of other accounts.

Instagram lets you link your account to profiles on other platforms. This lets you automatically share your posts on other social networks. If cybercriminals hack your Instagram account, they will be able to publish posts on your behalf on related networks. Meanwhile, if cybercriminals learn the login and password for your Facebook account, they will be able to hijack your Instagram account.

To disable account syncing:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Account section.
  4. Select Linked Accounts.
  5. Tap the social network name highlighted in color and select Unlink Account in the window that opens.

Downside: After disabling account syncing you will no longer be able to automatically post on several social networks at once. You will also no longer be able to restore access to Instagram using your Facebook profile.

How to keep Instagram out of your business

Stop Instagram from accessing your contacts

What for: So Instagram does not know more than it needs to.

Instagram requests access to the contact list on your phone to help you locate the people you know on the social network. The service also collects information about your contacts to generate targeted ads and form your news feed. Such data is passed on to others, including third parties, leading to an increased risk of data leaks.

To stop Instagram from using your contact list:

  1. Open Settings on the device.
  2. Scroll down to the list of apps.
  3. Select Instagram.
  4. Turn off the toggle switch next to Contacts.

Downside: Without access to your contact list, Instagram will no longer be able to recommend friends to follow from the list.

If such apps as Facebook, Messenger, and WhatsApp, which are owned by Facebook, have access to the contact list, the social network can still use that information.

Keep in mind that you will have to disable access to contacts on all of your devices.

You can check which contacts are already uploaded to your accounts and remove any unwanted information here:

Limit access to location data

What for: To keep Instagram from tracking your movements.

Instagram tracks your location in order to suggest geotags for your posts, generate targeted ads, and suggest hangouts. Transmission of such data compromises your privacy, increases traffic usage, and drains the battery. You can stop Instagram from accessing the device’s GPS data.

To stop Instagram from tracking your location:

  1. Open Settings on your device.
  2. Go to the Privacy section.
  3. Open Location Services.
  4. Find Instagram in the list of apps.
  5. Select Never.

How to defeat spammers and trolls

Limit the ability to comment on your posts

What for: To remove irrelevant comments.

By default, all Instagram users can leave comments under your posts, which is often abused by spammers and trolls.

To limit comments on all future posts:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Comments.
  5. Tap Allow Comments From and select who can comment on your posts.
  6. Everyone
  7. People You Follow and Your Followers
  8. People You Follow
  9. Your Followers
  10. You can also stop specific users from commenting on your posts. Tap Block Comments From and select users you don’t wish to receive comments from.

If you have a private account, only approved followers can comment on your posts.

You can also stop users from commenting on existing posts or specific new posts.

To do so:

  1. When creating a new post, tap Advanced Settings.
  2. Turn on the Turn Off Commenting toggle switch.

To disable comments under a post that has been already published:

  1. Go to your profile.
  2. Open the relevant post.
  3. Tap the three-dot icon next to your name.
  4. Select Turn Off Commenting.

Get rid of offensive comments under your posts

What for: So as not to waste time and brain cells on cleaning up comments.

By default, Instagram blocks potentially offensive comments using a built-in filter. However, you can add a custom list of forbidden words, phrases, numbers, or emoji.

To do so:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Comments.
  5. Turn on the toggle switch next to:
  6. Hide Offensive Comments — to enable the built-in Instagram filter.
  7. Manual Filter — to add to the filter a custom list of forbidden words, phrases, numbers, or smiley faces.
  8. Filter Most Reported Words (this item appears after you activate Manual Filter) — to add to your filter the words, phrases, numbers, and emojis that are blocked most often by other users.

Disable automatic publication of tagged posts on your profile

What for: To control what appears on your profile.

Instagram users can tag you in photos and videos in their posts. By default, such posts automatically appear on your profile and become visible to all users. Disable this feature if you want to decide what posts to show to your followers.

To stop automatic publication of such posts on your profile and hide posts that have been published already:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Tags.
  5. Turn off the Add Automatically toggle switch.
  6. Tap Hide Photos and Videos of You and select the posts that you want to hide from your profile.

How to hide posts from unwanted people

Configure visibility of stories

What for: So that only your close friends have access to your stories.

By default, your stories are visible to all followers. However, you can stop specific users from viewing them. This can be helpful if you use stories to post personal photos and videos that you prefer not to share with everybody.

To configure visibility of stories:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section and select Story.
  4. Tap the number of people to the right of Hide Story From.
  5. In the window that opens, select the followers from whom you want to hide your stories.
  6. Tap Done.

You can also show your stories only to a limited number of followers added to your list of close friends.

To create or edit this list:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Tap Close Friends.
  5. On the Suggestions tab, tap Add next to the names of followers whom you want to add to the list.
  6. On the Your List tab, you can remove followers from the list of Close Friends.

To make a story visible only to close friends, while publishing the story tap the green icon with a star at the bottom of the screen.

Stop other people from using your posts and stories

What for: To keep your posts from being shared beyond the intended audience.

By default, other Instagram users can add your posts to their stories and IGTV videos as well as publish materials from your stories in their Instagram and Facebook posts.

To stop others from using your posts:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Story.
  5. Disable the following options in the Sharing section:
  6. Allow Resharing to Stories — to stop other users from adding your posts to their stories. You will not see this item if you have a private account.
  7. Allow Sharing as Message — to stop other users from sharing your stories as messages.
  8. Share Your Story to Facebook — to stop automatic reposting of your story to Facebook.

How not to expose your personal data

Make your account private

What for: To prevent cybercriminals from getting hold of your personal information.

By default, your posts are visible to all Instagram users. Search engines can also include your posts in search results. If your profile is public, information in posts can be used against you. For example, information about your personal life can help telephone fraudsters to make up a convincing story to steal money from your bank accounts.

You can make your account private to make your posts visible only to approved followers.

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Privacy section.
  4. Select Account Privacy.
  5. Turn on the Private Account toggle switch.

Existing followers will still be able to see your posts. You can remove those followers with whom you do not want to share your posts.

To do so:

  1. Go to your profile and tap the number of followers at the top of the screen.
  2. Find the user you want to remove and tap the three dots next to the Follow or Following button.
  3. Tap Remove in the window that opens.

The user will not be notified that you have removed them from your list of followers.

Keep in mind that when you share a post from a private Instagram account on a different social network, post visibility will depend on settings of this social network and not Instagram.

How to clean up your traces

Remove stored bank card and e-wallet data

What for: Not to lose money.

Instagram users can order ads on the social network, donate money to charity, or buy goods. To this end, Instagram requests and stores details of a bank card or PayPal account as a method of payment. However, if your account gets compromised by a leak or gets hacked, your financial info can end up in the hands of cybercriminals.

To remove stored bank card and e-wallet data:

  1. Go to your profile and tap the menu icon in the upper right corner of the screen.
  2. Open Settings.
  3. Go to the Payments section. If you do not see this section, you do not have any cards or accounts linked to your account.
  4. Select Payment Methods.
  5. Tap a card or PayPal account in the list and tap Remove.

Downside: You will not be able to order ads or make purchases on Instagram. However, you can still buy goods from stores that process payments on their own websites.