Instagram can be addictive. What happens if you are locked out and you cannot get your daily dose of the gram? It happened to me over a weekend. It was my own doing, but I also realised that Instagram has an unconventional way of verifying an account to restore access to it.
Before continuing, here is my Instagram handle. Follow me for photos from the beautiful outdoors of India. https://www.instagram.com/pixelshooter/
So here is what happened.
Instagram Two-Factor Authentication
I turned on two-factor authentication for my instagram account a month ago. I access my account from multiple devices (home, work, phone etc). Sometimes Instagram goes overboard with anti-spam protection and prevents me from performing legitimate actions. I even got shadow-banned for accessing Instagram from my desktop, but I fixed that problem. If you are interested in knowing how, drop a comment down in this article.
So with two-factor authentication, I not only wanted Instagram to secure my account, but I also wanted those silly “Action Blocked” messages to go away.
Instagram’s two-factor authentication requires you to enter a code in the authentication screen, after you log in using your password. This code can either be sent to you via text message, or is generated in an app such as Google Authenticator.
At first, I choose SMS based two-factor authentication. But due to delays in receiving the SMS, I turned on Google Authenticator based two-factor authentication. When I did this, Instagram sent me backup codes. Backup codes are to be used when you don’t have access to the authenticator app. And I did not save the backup codes. This proved to be a grave oversight on my part!
I had to reset my iPhone which is the primary device where I have the Instagram app installed. All data, including the Instagram and Google Authenticator app was wiped out when I reset my phone. After reinstalling Google Authenticator I could not complete the setup process because I did not have access to the Instagram app. This meant that I was effectively locked out of the app!
Instagram Support Interaction
I contacted Instagram via the login screen on the app. I promptly got an email which had an amusing set of instructions.
They wanted to see my selfie! And if my Instagram account had no pictures that showed my face, I would never be able to access my instagram account!
Now, this is a really strange way for a company to offer support to its users. What if you are a photographer who posts all sorts of photos except one of yourself? Or what if you were handling the account of a popular brand? How do you prove to Instagram that you are asking for legitimate help? From this email it was clear that Instagram expects you to have photos of yourself in your account. Who would have thought so!
Luckily for me, my feed had 2 photos where my face was clearly seen. So I emailed them a selfie with a piece of paper that had the information they wanted.
I immediately got another email asking for more information. This included details which I had to recall from memory.
At this point, I had many questions.
- How will non-technical users of Instagram know details such as whice Operating System they used to sign up for their account?
- Does Instagram actually expect us to remember such details?
- If Instagram is meant for selfies, why are they so big on security? After all, their own two-factor authentication scenario did not take into consideration what happened to me.
- Why can’t they just send a code via SMS to complete the authentication process in a situation where the user does not have access to Google Authenticator?
Actually, I don’t remember when I signed up for Instagram. I certainly don’t remember what OS or device I was on. So I provided them with information on how I currently access Instagram. As of now I am waiting for a reply to my support query. I may never be able to access my account. I will update the outcome here.
So after another email where Instagram said some idiotic stuff, I got access to my account. I would like to believe they relented because I questioned their logic – what’s the use of protecting the privacy an account that may never be accessed ever again?