How to keep your account from getting hacked
open allWhat for: So you don’t get hacked.
If you are using a short and simple password for your Instagram account, cybercriminals can guess it and hijack your account. A long and complex password is more secure. Use a strong password that:
- Is at least 8 characters long;
- Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
- Is not an actual word or easy-to-guess phrase;
- Is not the same as your passwords for any other accounts;
- Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives).
To change your password:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Security section;
- Select Password;
- If the system sends you a message to the e-mail address linked to the account, open it, tap the button, and set a new password;
- If the form for changing the password opens, enter the old password and then enter the new password twice;
- Tap Save.
What for: So you definitely don’t get hacked.
Instagram can prompt you to enter an additional one-time code when you log into the account. Even if cybercriminals find out your login and password, they will not be able to use them without this code. The code can be received via a text message or using an authentication app.
Keep in mind that Instagram can use the phone number you specified for one-time codes for its own purposes, for example to show you targeted ads.
To enable two-factor authentication:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Security section;
- Select Two-Factor Authentication;
- Click Get Started and choose a method for receiving the one-time code:
- Text message to phone:
- Tap Next;
- You will see a list of recovery codes. Copy it and tap Done.
- A code generated by another app, such as Google Authenticator.
- Start the app you have chosen for two-factor authentication and follow the on-screen instructions.
It is considered that safer to use an authentication app for two-factor authentication. A text message with the code can be intercepted by infecting the smartphone with malware or by exploiting a communication protocol vulnerability.
What for: So nobody else can log into your account.
Instagram lets you save account login credentials on the device so you don’t have to enter the login and password every time. If your phone or tablet ends up in the hands of strangers, other people can access your account. To prevent this from happening, you can remove such data from the device.
To remove saved login credentials:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Select Security;
- Go to the Saved login Info section;
- In the window that opens, tap the toggle switch if it is on and confirm the removal of login data.
To stop the app from storing your account credentials in the future:
- Log out of the account when you stop using Instagram;
- When logging out, tap Not now in the Remember Login Data window.
Downside: You will have to enter your login and password manually.
What for: To detect and stop any suspicious activity before it’s too late.
You can view information about all of your account activity and take steps when you detect suspicious activity.
To view the login history and other data of your account:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Security section;
- Select Access Data;
- View information about your account activity. Pay close attention to the Account Activity section that contains a history of logins into your account.
What for: To prevent the loss of one account from causing the loss of all other accounts.
Instagram lets you link your account to profiles on other platforms. This lets you automatically share your posts on other social networks. If cybercriminals hack your Instagram account, they will be able to publish posts on your behalf on related networks. Meanwhile, if cybercriminals find out the login and password for your Facebook account, they will be able to hijack your Instagram account.
To disable account syncing:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Account section;
- Select Sharing to other apps;
- Tap the social network name highlighted in color and select Unlink Account in the window that opens.
Downside: After disabling account syncing you will no longer be able to automatically post on several social networks at once. You will also no longer be able to restore access to Instagram using your Facebook profile.
How to keep corporations out of your business
open allWhat for: So Instagram does not know more than it needs to.
Instagram requests the contact list of your phone to help you locate the people you know on the social network. The service also collects information about your contacts to generate targeted ads and form the news feed. Since such data is passed on to others, including third parties, there is an increased risk of data leaks.
To stop Instagram from using your contact list:
- Open Settings on your device;
- Scroll down to the list of apps;
- Select Instagram;
- Turn off the toggle switch next to Contacts;
Downside: Without access to the contact list, Instagram will no longer be able to advise you to follow the accounts of your friends in your contact list.
If such apps as Facebook, Messenger or WhatsApp, which are owned by Facebook, have access to the contact list, this information can still be used by the social network.
Keep in mind that you have to disable access to contacts on all your devices with contact lists.
You can check which contacts are already uploaded to your accounts and remove any unwanted information here:
What for: So Facebook does not know where you go.
Instagram tracks your location in order to suggest geotags for your posts, generate targeted ads, and suggest hangouts. Transmission of such data compromises your privacy, increases traffic usage and drains the battery. You can stop Instagram from accessing GPS data of the device.
To stop Instagram from tracking your location:
- Open Settings on your device;
- Go to the Privacy section;
- Open Location Services;
- Find Instagram in the list of apps;
- Select Never.
This feature is unavailable in the iOS app. To deny third-party services access your account data, follow the instructions on how to configure the web version of Instagram.
How to defeat spammers and trolls
open allWhat for: To remove irrelevant comments.
By default, all Instagram users can leave comments under your posts, which is a feature that is often abused by spammers and trolls.
To limit comments on all future posts:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Select Comments;
- Tap Allow Comments From and select who can comment on your posts;
- Everyone
- People You Follow and Your Followers
- People You Follow
- Your Followers
- You can also stop specific users from commenting on your posts. Tap Block Comments From and select users you don’t wish to receive comments from.
If you have a private account, only approved followers can comment on your posts.
You can also stop users from commenting on existing posts or specific new posts:
- When creating a new post, tap Advanced Settings;
- Turn on the Turn Off Commenting toggle switch.
To disable comments under a post that has been already published:
- Go to your profile;
- Open the relevant post;
- Tap the three dots icon next to your name;
- Select Turn Off Commenting.
What for: So as not to waste time and brain cells on cleaning up comments.
By default, Instagram blocks potentially offensive comments using a built-in filter. However, you can add a custom list of forbidden words, phrases, numbers, or smiley faces:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Select Comments;
- Turn on the toggle switch next to:
- Hide Offensive Comments — to enable the built-in Instagram filter.
- Manual Filter — to add a custom list of forbidden words, phrases, numbers, or smiley faces to the filter.
- Filter Most Reported Words (this item appears after you activate Manual Filter) — to add to your filter the words, phrases, numbers, and emojis that are blocked most often by other users.
What for: To control what appears on your profile.
Instagram users can tag you in photos and videos in their posts. By default, such posts automatically appear on your profile and become visible to all users. Disable this feature if you want to decide what posts to show to you followers.
To stop automatic publication of such posts on your profile and hide posts that have been published already:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Select Tags;
- Turn off the Add Automatically toggle switch;
- Tap Hide Photos and Videos of You and select the posts that you want to hide from your profile.
How to hide posts from unwanted people
open allWhat for: So that only your close friends have access to your stories.
By default, your stories are visible to all followers. However, you can stop specific users from viewing them. This can be helpful if you use stories to post personal photos and videos that you do not wish to share with everybody.
To configure the visibility of stories:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section and select Story;
- Tap the number of people to the right of Hide Story From;
- In the window that opens, select the followers from whom you want to hide your stories;
- Tap Done.
You can also show your stories only to a limited number of followers added to the list of close friends.
To create or edit this list:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Tap Close Friends;
- Tap Add next to the names of followers whom you want to add to the list;
- On the Your List tab, you can remove followers from the list of Close Friends.
To make a story visible only to close friends, while publishing the story tap the green icon with a star at the bottom of the screen.
What for: To keep your posts from being shared beyond the intended audience.
By default, other Instagram users can add your posts to their stories and IGTV videos as well as publish materials from your stories in their Instagram and Facebook posts. To stop others from using your posts:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Select Story;
- Disable the following options in the Sharing section:
- Allow Resharing to Story — to stop other users from adding your posts to their stories. You will not see this item if you have a private account.
- Allow Sharing as Message — to stop other users from sharing your stories as messages.
- Share Your Story to Facebook — to stop automatic reposting of your story to Facebook.
How to prevent your personal data from being exposed
open allWhat for: To prevent cybercriminals from getting hold of your personal information.
By default, your posts are visible to all Instagram users. Search engines can also include your posts in search results. If your profile is public, information in posts can be used against you. For example, information about your personal life can help telephone fraudsters to make up a convincing story in order to steal money from your bank accounts.
You can make your account private to make your posts visible only to approved followers.
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Select Account Privacy;
- Turn on the Private Account toggle switch.
Existing followers will still be able to see your posts. You can remove those followers with whom you do not want to share your posts:
- Go to your profile and tap the number of followers at the top of the screen;
- Find the user you want to remove and tap three dots next to the Follow or Following button;
- Tap Remove in the window that opens.
The user will not be notified that you have removed them from the list of followers.
Keep in mind that when you share a post from a private Instagram account on a different social network, post visibility will depend on settings of this social network and not Instagram.
What for: To prevent cybercriminals from getting hold of them.
By default, Instagram stores in the memory of your device the photos and videos you take in the app. Such data can remain on your device even after you remove your Instagram post. There is a risk that cybercriminals may get hold of them should you lose your device.
To stop Instagram from saving photos and videos from the app in the device memory:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Account section;
- Tap Original Photos;
- Turn off the Save Original Photos toggle switch to stop photos and videos from getting saved in the phone memory automatically.
What for: To ensure that your “removed” posts actually get removed.
By default, your stories are available to followers for 24 hours, after which they are saved in the archive. If cybercriminals hack your account, they will be able to see posts that you believe to have been removed.
To disable data archiving:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Archive. You will be taken to the Stories Archive tab;
- Tap the three dots button in the upper right corner of the screen and select Settings.
- Turn off the Save to Archive toggle switch;
- Go to the Posts Archive by tapping Archive at the top of the screen and repeat steps 2 through 4.
What for: To stop showing everybody when you are online.
By default, Instagram shows when you are online or the last time you went online to your followers and users to whom you sent direct messages. Your ex-partners or other interested people could monitor your status and spam you with their messages when you are online.
Also, if you friend people you don’t know personally, this information could be used by an intruder to choose the best time to hack your account. By observing your status over a period of several days, they will see when you are likely to be offline and unable to respond promptly to an attack.
To stop showing your activity status:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Privacy section;
- Select Activity Status;
- Turn off the Show Activity Status toggle switch.
Downside: By hiding your status you will also be unable to see the activity status of your followers.
What for: To make it more difficult to identify you on the social network.
Instagram does not require you to specify your accurate information. You can make your account anonymous if you don’t want people to associate it with you:
- upload any image that makes it impossible to determine that the account belongs specifically to you as your profile photo;
- use an alias;
- remove information about yourself and the link to your website if you specified them previously.
To change the profile photo:
- Go to your profile;
- Tap Edit Profile and then Change Profile Photo;
- Select Choose from Library and upload an image.
To change your username or remove your details:
- Go to your profile;
- Tap Edit Profile;
- Enter made-up information in the Name and Username fields;
- Remove personal information from the Website and Bio sections.
What for: To prevent unwanted people from finding your profile.
This feature is unavailable in the iOS app. To stop your profile from appearing in recommendations for people with similar interests, follow the instructions on how to configure the web version of Instagram.
How to get rid of unwanted notifications
open allWhat for: To avoid distractions.
Instagram sends users push notifications and e-mails with ads.To stop Instagram from sending ads via push notifications:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Notifications section;
- Select From Instagram;
- Go to the Product Announcements section and select the Off check mark.
To disable e-mail notifications:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Notifications section;
- Select Email and SMS;
- Tap Off next to:
- Product e-mails
- News emails
How to clean up your traces
open allWhat for: Not to lose money.
Instagram users can order ads on the social network, donate money to charity, or buy goods. To this end, Instagram requests and stores details of a bank card or PayPal account as a method of payment. However, if your account gets compromised by a leak or gets hacked, your financial info can end up in the hands of cybercriminals.
To remove stored bank card and e-wallet data:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Payments section. If you do not see this section, this means that you do not have any cards or accounts linked to your account;
- Select Payment Methods;
- Tap a card or PayPal account in the list and tap Remove.
Downside: After removing cards and accounts you will not be able to order ads or make purchases on Instagram. However, you can still buy goods on pages of stores if payment is processed on the merchant’s website.
What for: To prevent people from finding you by your phone number.
Instagram users who have your number in the contact list will see suggestions to follow you. This feature can be abused by advertisers and cybercriminals. You can remove your phone number from the profile, preventing them from finding your account based on this number.
Important. If you have enabled two-factor authentication via text message, you will first have to disable it. You can use authentication apps instead.
You can then remove your phone number from the profile:
- Go to your profile and tap Edit Profile;
- Select Personal Information Settings;
- Enter your e-mail address in the E-mail field if it is still blank;
- Tap your number in the Phone number field;
- Remove your number and tap Next.
Keep in mind that after removing your phone number, you link your account to your e-mail address. This means that access recovery instructions will be sent to your e-mail address if you forget your password. Make sure that your e-mail account is secure and you have constant access to it.
What for: To see what information Instagram has on you and create a backup copy of important data.
You can download photos, comments, profile data and other information relating to your account. You can also find out what kind of information Instagram collects about you as well as save important information in case you lose your account.
To download an archive with your data:
- Go to your profile and tap the menu icon in the upper right corner of the screen;
- Open Settings;
- Go to the Security section;
- Select Download Data;
- Enter the e-mail address where you want the data to be sent, and tap Request Download;
- Enter your password and tap Next;
- You will receive an archive download link within 48 hours.
You can delete information collected by Instagram only by removing the account itself.
Citizens of the European Union can request removal of their data pursuant to Article 17 of the General Data Protection Regulations (GDPR). Instagram is obligated to take steps to remove the information you indicated even if it has been transferred to third parties. The social network must present a progress report or reason for refusal within one month. The list of possible reasons for refusal is provided in Part 3 of Article 17 of the GDPR.