How to . . . lock down your Instagram account

Keep control of your account – and keep the hackers out – with a few easy steps

If you received a security alert from Instagram, it’s time to bolster up your security. Photograph: iStock

Have you received a strange message from Instagram lately? This morning, I opened up Instagram to find a security alert warning me that someone had tried to access my account and giving me the option to let Instagram know if it was me or not. Given that the attempt was tracked to an Android device in Russia, it was safe to say it wasn't me.

It seems I’m not the only one. This has been going on for a while, although anecdotal accounts from friends suggest that there has been a spate of it recently.

Luckily, most of them were able to keep control of their accounts, although one said he had to set up a second account after his original Instagram account was hacked and taken over.

So how can you make sure you keep control of your account?

READ MORE

Strong password

Your best bet to keep your account safe is to have a strong password, one you haven’t used already with another online account – preferably a mix of letters, numbers and symbols. If you have trouble coming up with strong passwords or remembering your login details, check here for more on keeping your passwords safe.

Two-factor authentication

Instagram, like Facebook and other online accounts, gives you the option of two-factor authentication to keep your account secure. That means if Instagram needs to verify that it is you logging into your account, it will send a unique security code to your phone number or email. If you log in on a new device, for example, it will automatically send the code to your nominated phone or email.

On the offchance that you may lose access to either of those options – say if your phone is stolen, for example – you can also get backup codes on your phone and email them to yourself, or even – old-school style – write them down.

Account retrieval

Make sure your account retrieval options are up to date, ie that your email address is current or that you have linked a phone number to the account. Not everyone is comfortable with giving service providers that information, though, so that’s a choice you’ll have to make for yourself. One solution is to have a throwaway email address for social media accounts etc so you don’t have to give away your private email.

Without a way of retrieving your account, it’s harder to get back in if someone does manage to take it over.