Instagram for Windows users: Relaxed privacy set

How to keep your account from getting hacked

Set a strong password

What for: so you don’t get hacked.

If you use a short and simple password for your Instagram account, cybercriminals can guess it and hijack your account. The complex and longer the password, the stronger it is. Use a strong password that:

  • Consists of 8-20 characters.
  • Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.).
  • Is not an actual word or easy-to-guess phrase.
  • Is not the same as your passwords for any other accounts.
  • Does not consist of information that strangers could easily find out (your name, date of birth, pet's name etc. or those of your relatives and friends).

To change your password:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Change Password tab;
  4. Enter your current password and set a new one;
  5. Click Change password.

Enable two-factor authentication

What for: so you definitely don’t get hacked.

Instagram can prompt you to enter an additional one-time code when you log into the account. Even if cybercriminals find out your login and password, they will not be able to use them without this code. The code can be received via a text message or using an authentication app.

Keep in mind that Instagram can use the phone number you specified for one-time codes for its own purposes, for example to show you targeted ads.

To enable two-factor authentication based on your phone number:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. In the Two-Factor Authentication section, click Edit Two-Factor Authentication Setting;
  5. Select Use Text Message to receive the verification code via text message;
  6. Select Turn On in the dialog that opens;
  7. Check the phone number used to receive the text message, edit it and click Next, if appropriate;
  8. Enter the confirmation code you receive via text message and click Ready;
  9. Instagram opens a page with five backup recovery codes. You need them to access your account even if you lose your phone. Every code can be used only once. Write them down or take a screenshot of them, and keep this information in a safe place.


It is considered that it is safer to use an authentication app for two-factor authentication. A text message with the code can be intercepted by infecting the smartphone with malware or by exploiting a communication protocol vulnerability.

The web version of the service currently does not allow enabling two-factor authentication using a 2FA app. To do so, open the settings of the Instagram app for iOS or Android.

How to defeat spammers and trolls

Get rid of offensive comments under your posts

By default, Instagram blocks potentially offensive comments under your posts using a built-in filter. You can also hide comments based on your custom list of forbidden words and expressions.

To configure blocking of offensive comments:

  1. Go to your profile by clicking the human figure icon in the upper right corner of the screen;
  2. Click Edit Profile;
  3. Select the Privacy and Security tab;
  4. Click Edit Comment Settings in the Comments section;
  5. Add words and expressions comments with which you want to hide in the Keyword Filters field and click Submit to configure your custom filter;
  6. Select the check mark next to Use Standard Keywords to enable the built-in filter of offensive words and expressions.

You can also choose who can comment on your posts. Since this cannot be done in the web version, follow instructions on how to configure the iOS or Android app.