Instagram activates 2-factor authenticationby Nikola Strahija on February 19th, 2016 Instagram added two-factor authentication to its service, a security measure that is becoming a de facto standard. The method works by requiring a code generated on a second device to be entered alongside the user's password.
Instagram uses SMS text messaging to send the code to the user's mobile phone. In some countries it is relatively easy to social engineer telecommunication companies and have them forward SMS messages and phone calls to a controlled number.This trick is favoured with bank account thieves to prevent warnings of fund transfers reaching the victims while Instagram accounts are more likely to be in the interest of spammers and hacktivists.
A more secure two-factor authentication schemes like Google Auth employ SMS as a last fallback option when a user's token generator (usually an authorised smartphone) is not available.