Instagram

Consider removing your Full Name

When you sign up for Instagram, it prompts you for your full name. Most people fill out this field (as they are used to selecting a username), but it is completely optional.

If you were tricked into entering your full name, you can blank out the “Name” field from the following page in the web application:

https://www.instagram.com/accounts/edit/

In the app, this can be changed by choosing “Edit Profile” and editing the name field.

Enable Comment Filtering

To help avoid comment spam, use the comment filtering options. Be warned that a blacklist can be bypassed in many ways, so be careful not to click any links or visit any sites posted by untrusted users in the comment section, and do not send them any Bitcoin.

https://www.instagram.com/accounts/comment_filter/

Two Factor Authentication

Instagram offers two methods to secure your account: SMS and Authenticator. Since SIM-swapping is a well-known attack vector, Authenticator is the preferred method. To set this up in the app, go to Settings -> Security -> Two Factor Authentication.

Note that these actions are not permitted in the Desktop app.

Opt Out of Contact Syncing

When you sign up for an Instagram account, you will be met with a prompt to sync your contacts. The button design may be deceiving to some. Syncing contacts is optional, and opting out will help protect the privacy of your contacts list.

Monitor your Login Activity

Instagram has a nice dashboard that allows you to view any active sessions and your login history. Regularly review this history and log out of sessions that are no longer needed.

https://www.instagram.com/session/login_activity/

Consider Using Hermit

If privacy is a part of your security model, consider using Instagram on Android with Hermit.

Hermit allows you to use a “sandboxed” browser to access Instagram, which blocks third-party cookies and provides more granular controls over permissions. Be warned that some features may still be clunky, but for some users the privacy tradeoffs make it worth the switch. To read more, visit reddit.com/r/HermitApp.

Use a Strong Password

Instagram’s 6-character minimum password length provides very little in terms of security. Use a password of sufficient length, preferably one generated by a password manager. Ensure that you are not reusing passwords from other social media sites, to minimize your risk from credential-stuffing attacks.

How to Delete Your Account

If you do decide to cancel your account, you will need to log in from a web browser to do so. Instagram does a good job of hiding the link from you. To delete, follow the prompts at the link below.

https://instagram.com/accounts/remove/request/permanent/