Instagram is currently testing a new feature designed to automatically lock usernames for 14 days after the owners switch to a new handle, as discovered by mobile researcher Jane Manchun Wong in an Alpha version of the platform’s Android app.
According to Wong, the feature Instagram is currently testing should put a stop to a well-known practice crooks use of deploying bots designed specifically for swiping usernames as soon as the previous owner switches to a new handle.
The auto-lock username feature Instagram is currently testing was found by Wong in the 220.127.116.11.24 Alpha version of the Instagram Android app APK, within the strings.xml used for storing all the string resources needed to translate Android apps easier.
“Instagram should roll out this feature as soon as possible. Stop the squatters from ruining Instagram” said Wong, while also mentioning that username squatters were already messaging her directly on Twitter.
Some of them who believed that she created the feature also sent death threats via DMs, as proof of how much an automated 14-day lock of usernames following handle changes would anger crooks who use squatting bots.
It’s important to mention that, if this feature will eventually be added to the Instagram platform, it will not protect user accounts from getting hacked.
To make sure that cybercriminals will not be able to hack into and take over an Instagram account, it is recommended to protect it using two-step authentication (2FA) apps (e.g., Duo Mobile and Google Authenticator) or physical security keys, while avoiding SMS 2FA which relies on external carrier networks that can be intercepted by potential attackers.
Last week, Google announced the addition of a new Admin console option for G Suite admins that would help them disable telephony options as 2FA methods for G Suite accounts in their domain, thus preventing users from using the insecure SMS and voice codes options for authentication.
Instagram added 2FA support and account verification during August 2018, and it also provides a detailed support document designed to explain how to use third-party authentication apps to add extra security to one’s account.
In October 2018, Wong also unearthed an Instagram opt-in feature designed to deliver precise location history to its parent company Facebook, even when the application was not running on the device.
Instagram, as a “Facebook Product”, is testing Facebook Location History in their app.
It allows tracking the history of precise locations from your device, now through instagram app too
— Jane Manchun Wong (@wongmjane) October 4, 2018