In February 2022, Instagram announced that it was testing a new feature that allows users to get back access to their accounts with some help from fellow Instagram friends. Hacked accounts are a fairly common problem, with bad actors even doing it for a fee. In addition, there is no dearth of scams asking users to click on a malicious link in order to verify their account security, only to lure unsuspecting users into sharing their credentials instead.

The suspicious text messages usually start with lines like “Tap to get back into your Instagram account” followed by a link. Similar scams are targeting Twitter users as well. Online swindlers often take over an account and try to peddle bogus schemes like crypto investments with unprecedented returns, especially if the account happens to have a sizeable following. While celebrities and influencers get priority assistance from Instagram’s support team, regular users are often stuck in a tiring cycle with little help. To make the process of account recovery a tad less frustrating, Instagram announced that it's testing a new system that allow users to ask friends to verify the legitimate account owner’s identity and speed up the process.

Related: How To Report An Impersonating Account On Facebook & Instagram

Instagram says it will share more details about the upcoming feature soon, but images shared do shed some light on how it will work. Users will still be required to submit the last password they remember. However, they will then also be able to nominate two accounts to help with verification. It is unclear if both accounts need to follow each other to qualify as a ‘friend’ or if a one-sided follower/following equation is enough to ask for identity verification help.

Convenient, But Staying Safe Is Better

Instagram will let friends ID you to recover the account

Once the user has selected two accounts for identification, a notification will be sent to the nominated accounts and those friends will need to respond within 24 hours. If the two ‘friends’ don’t act on the notification in that period, users can nominate someone else for assistance. Once both the nominated accounts act on the notification and verify the account owner’s identity, a password reset link is sent, and account activity is restored to the rightful owner. The feature sounds extremely promising, and way more convenient than the usual account recovery system which can involve submitting proof of identity and can take anywhere between a few days to a month, or longer.

In July 2021, Instagram introduced a new security checkup system that allows users to review crucial account information such as the linked email address and registered phone number. The idea is to keep recovery details up to date so that users can wrest back control of their Instagram accounts if targeted by a bad actor. Also, there are a few safe practices that users should be aware of in general, such as enabling the 'Login Request' feature that sends a notification if an unauthorized party is trying to force their way into an Instagram account.

Instagram logo with hacker in the background

While Instagram hasn't rolled out the 'Request help from friends' feature yet, scammers have been using a similar trick to lock people out of their own accounts. The trick begins when a user receives a message from a friend's account, claiming that they've lost access and need help to get it back. The 'friend' tells the user that they will receive a verification code from Instagram, which they need to get back into their account.

However, the verification code is actually for the user's account. Once the hacker gets the code, they are able to take over a user's account and change the password. The scam is essentially a vicious cycle – by gaining access to a user's account, the hacker is able to potentially break into even more accounts by impersonating them to their friends. Instagram's proposed feature doesn't include any verification codes, so the best way to stay safe is not provide codes or click on any links unless a password change has been requested.

How To Keep Your Instagram Account Safe

Instagram logo on blue background next to a blocked symbol

Instagram suggests a few ways for users to keep their account secure, with the most important being two-factor authentication. Most social media apps allow 2FA, but many people using just a password to login. With 2FA, it's better to rely on authentication apps like Microsoft Authenticator, Google Authenticator, or Authy rather than a text message for an authentication code.

Instagram also warns users against giving any third-party apps access to their account, either using an access token or by sharing their username and password. Users are also encouraged to change their password if Instagram sends them a message letting them know it's been compromised. A strong password using a combination of letters, numbers, and special characters is recommended. Finally, users should log out of Instagram on a computer or device that doesn't belong to them or is shared with other users.

Source: Instagram