What does this call for? You have to ensure that the phone number you registered with 2FA is the active one. Otherwise, you will not receive SMS or Voice authentication 2FA codes. But this puts one at risk of sim hijacking, where a hacker takes control of your phone number and uses that to break into accounts. Now, Instagram is pushing towards app-based authentication, that won’t use your phone number when verifying if it is you accessing your account. The app will generate a special code that you need to log in, and this won’t be generated on a different phone. This is expected to make it harder for hackers to break into Instagram accounts.
Thank you Instagram! I have been waiting for this since 2016! We finally won’t have to rely our account’s security on SMS! ? pic.twitter.com/u0iIPTaZO2 — Jane Manchun Wong (@wongmjane) July 17, 2018 Currently, Instagram lets you recover your account and log in on new devices as long as you can confirm your identify via a phone number associated with your account. But, with a growing new form of online theft has resulted in hackers illegally gaining access to a user’s phone number and tying it to a new SIM card, there is need for a change in the 2FA. Read: Correctly Configure Two-Factor Authentication before you’re locked out of your own account
How do hackers do this?
The hackers use private information like a social security number, leaked through data breaches, to trick telecom customer service agents into reassigning a phone number to a new SIM. It is then that they can use the phone number and its recovery benefits to reset the owner’s other accounts.