Instagram for Windows users: Tight privacy set

How to keep your account from getting hacked

Set a strong password

What for: so you don’t get hacked.

If you use a short and simple password for your Instagram account, cybercriminals can guess it and hijack your account. The complex and longer the password, the stronger it is. Use a strong password that:

  • Consists of 8-20 characters.
  • Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.).
  • Is not an actual word or easy-to-guess phrase.
  • Is not the same as your passwords for any other accounts.
  • Does not consist of information that strangers could easily find out (your name, date of birth, pet's name etc. or those of your relatives and friends).

To change your password:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Change Password tab;
  4. Enter your current password and set a new one;
  5. Click Change password.

Enable two-factor authentication

What for: so you definitely don’t get hacked.

Instagram can prompt you to enter an additional one-time code when you log into the account. Even if cybercriminals find out your login and password, they will not be able to use them without this code. The code can be received via a text message or using an authentication app.

Keep in mind that Instagram can use the phone number you specified for one-time codes for its own purposes, for example to show you targeted ads.

To enable two-factor authentication based on your phone number:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. In the Two-Factor Authentication section, click Edit Two-Factor Authentication Setting;
  5. Select Use Text Message to receive the verification code via text message;
  6. Select Turn On in the dialog that opens;
  7. Check the phone number used to receive the text message, edit it and click Next, if appropriate;
  8. Enter the confirmation code you receive via text message and click Ready;
  9. Instagram opens a page with five backup recovery codes. You need them to access your account even if you lose your phone. Every code can be used only once. Write them down or take a screenshot of them, and keep this information in a safe place.


It is considered that it is safer to use an authentication app for two-factor authentication. A text message with the code can be intercepted by infecting the smartphone with malware or by exploiting a communication protocol vulnerability.

The web version of the service currently does not allow enabling two-factor authentication using a 2FA app. To do so, open the settings of the Instagram app for iOS or Android.

Check the security of your account

What for: to detect and stop any suspicious activity before it’s too late.

You can view information about all of your account activity and take steps when you detect suspicious activity.

To view the login history and other data of your account:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Click View Account Data in the Account Data section;
  5. View information about your account activity. Pay close attention to the Account Activity section that contains a history of logins into your account.

You can also unlink Instagram from other social network accounts so you don’t lose other accounts when one of them gets hacked. Since this cannot be done in the web version, follow instructions on how to configure the iOS or Android app.

How to hide from Big Brother

Remove synchronized contacts

What for: so Instagram does not know more than it needs to.

If you enabled contact syncing in Instagram for iOS or Android, the social network uses your contacts to suggest you to follow accounts of people you know or to create targeted ads. Since such data is passed on to others, including third parties, there is an increased risk of data leaks.

To remove contact information:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Manage Contacts tab;
  4. Click Delete All.

Note that without access to the contact list, Instagram will no longer be able to recommend you to follow the accounts of your friends whose numbers are in your smartphone contact list. Previously collected contact information is stored even after access has been disabled.

Stop third-party apps from accessing your account data

What for: to prevent potential data leaks.

If you connected other sites and apps to Instagram (e.g., to find subscribers, calculate likes, etc.), they may have access to your profile info, images and videos you posted, lists of followers and follows. In some cases they may also be able to like posts and follow or unfollow accounts on your behalf.

After being granted access, such sites and apps do not normally inform you explicitly about the permissions you grant them.

To rule out any unauthorized activity in your account and lower the risk of data leaks, deny third-party apps and sites access to your data.

To revoke the access of apps to your account:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Apps and Websites tab;
  4. Remove all apps from the Active and Expired tabs.

How to defeat spammers and trolls

Get rid of offensive comments under your posts

By default, Instagram blocks potentially offensive comments under your posts using a built-in filter. You can also hide comments based on your custom list of forbidden words and expressions.

To configure blocking of offensive comments:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Click Edit Comment Settings in the Comments section;
  5. Add words and expressions comments with which you want to hide in the Keyword Filters field and click Submit to configure your custom filter;
  6. Select the check mark next to Use Standard Keywords to enable the built-in filter of offensive words and expressions.

You can also choose who can comment on your posts. Since this cannot be done in the web version, follow instructions on how to configure the iOS or Android app.

Disable automatic publication of tagged posts on your profile

What for: to control what appears on your profile.

Instagram users can tag you in photos and videos in their posts. By default, such posts automatically appear on your profile and become visible to all users. Disable this feature if you want to decide what posts to show to you followers.

To stop automatic publication of such posts on your profile and hide posts that have been published already:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Select the Add Manually check mark in the Photos of You section.

How to hide posts from unwanted people

Stop other people from using your stories

What for: to prevent your stories from getting shared beyond the intended audience.

By default, other Instagram users can share your stores via direct messages and on Facebook. You can stop others from using your posts.

To do so:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Clear the Allow Sharing check marks in the Story Sharing section.

You can also stop other users from sharing your posts in their stories. Since this cannot be done in the web version, follow instructions on how to configure the iOS or Android app.

Configure visibility of stories

What for: so that only your close friends have access to your stories.

You can limit the visibility of your stories. Since this cannot be done in the web version, follow instructions on how to configure the iOS or Android app.

How not to expose your personal data

Make your account private

What for: to prevent cybercriminals from getting hold of your personal information.

By default, your posts are visible to all Instagram users. Search engines can also include your posts in search results. If your profile is public, information in posts can be used against you. For example, information about your personal life can help telephone fraudsters to make up a convincing story in order to steal money from your bank accounts.

You can make your account private to make your posts visible only to approved followers.

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Select the Private Account check mark in the Account Privacy section.


Existing followers will still be able to see your posts. You can remove those followers with whom you do not want to share your posts.

To do so:

  1. Open the profile of the user you want to remove.
  2. Click the three-dot icon to the right of the account name.
  3. In the window that opens, select Block This User.
  4. Click Block.


The user will not be notified that you have removed him from the list of followers.

Keep in mind that when you share a post or story from a private Instagram account on a different social network, such as Facebook, post visibility will depend on settings of your Facebook account.

Hide your activity status

What for: to stop showing everybody when you are online.

By default, Instagram shows when you are online or the last time you went online to your followers and users to whom you sent direct messages. Your ex-partners or other interested people could monitor your status and spam you with their messages when you are online.

Also, if you friend people you don’t know personally, this information could be used by an intruder to choose the best time to hack your account. By observing your status over a period of several days, they will see when you are likely to be offline and unable to respond promptly to an attack.

To stop showing your activity status:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Clear the Show Activity Status check mark in the Activity Status section.

Downside: by hiding your status you will also be unable to see the activity status of your followers.

Make your profile highly anonymous

What for: to make it more difficult to identify you on the social network.

Instagram does not require you to specify your accurate information. You can make your account anonymous if you don’t want people to associate it with you. To do so:

  • upload as your profile photo any image that makes it impossible to determine that the account belongs specifically to you;
  • use an alias;
  • remove information about yourself and the link to your website if you specified them previously.

To change the profile photo:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile and then Change Profile Photo;
  3. Select Upload Photo.

To change your username or remove your details:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Enter made-up information in the Name and Username fields;
  4. Remove personal information from the Website and Bio sections;
  5. Tap Submit.

Stop your profile from getting recommended to other users

What for: to prevent unwanted people from finding your profile.

Instagram recommends your profile to users with similar interests by showing information about your account in search results and news feeds of other users. To exclude your profile from suggestions and search results, disable this feature.

To do so:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Clear the check mark next to Similar Account Suggestions.

Downside: You will also stop seeing suggestions to follow accounts of other users.

How to get rid of unwanted notifications

Stop Instagram from sending you ads

What for: to avoid getting distracted.

Instagram sends ads to users via e-mail or text messages. If you are bothered by such messages, you can stop the service from distracting you.

To do so:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Email and SMS tab;
  4. Clear check marks next to:
  5. News emails
  6. Product emails

How to clean up your traces

Remove your phone number from your profile

What for: to prevent people from finding you by your phone number.

Instagram users who have your number in the contact list will see suggestions to follow you. This feature can be abused by advertisers and cybercriminals. You can remove your phone number from the profile, preventing them from finding you account based on this number.

Important. If you have two-factor authentication via text message enabled, you will have to disable it and select another method of receiving the one-time code in the iOS or Android app.

You can then remove your phone number from the profile. To do so:

  1. Go to your profile and click Edit Profile;
  2. Enter your e-mail address in the E-mail Address field if it is still blank;
  3. Click your number in the Phone number field;
  4. Remove your number and click Submit.

Keep in mind that after removing your phone number, you link your account to your e-mail address. This means that access recovery instructions will be sent to your e-mail address if you forget your password. Make sure that your e-mail account is secure and you have constant access to it.

Create an archive with your profile data

What for: to see what information Instagram has on you and create a backup copy of important data.

You can download photos, comments, profile data and other information relating to your account. You can also find out what kind of information Instagram collects about you as well as save important information in case you lose your account.

To download an archive with your data:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Click Request Download in the Data Download section;
  5. Enter the e-mail address to which you want to receive data, and click Next;
  6. Enter your Instagram account password and click Request Download;
  7. You will receive a link for the data archive download within 48 hours.

You can delete information collected by Instagram only by removing the account itself.

Citizens of the European Union can request removal of their data pursuant to Article 17 of the General Data Protection Regulations (GDPR). Instagram is obligated to take steps to remove the information you indicated even if it has been transferred to third parties. The social network must present a progress report or reason for refusal within one month. The list of possible reasons for refusal is provided in Part 3 of Article 17 of the GDPR.

Remove stored bank card and e-wallet data

What for: not to lose money.

You can remove information about payment methods from your Instagram account. Since this cannot be done in the web version, follow instructions on how to configure the iOS or Android app.