Two-factor authentication is a security mechanism that requires two types of credentials for authentication and is designed to provide an additional layer of validation, minimizing security breaches.
Impact
Two-factor authentication can be bypassed using the add instagram account feature in facebook business . While merging the victim account with the attacker facebook account, 2FA of victim account gets automatically bypassed which an attacker use 2fa enabled victim account without entering 2FA process.
Proof of Concept
1) User “A” creates a business account and Adds victim Two-factor authentication enabled account.
2) add victim username and password (2FA enabled account)
3) here you can see 2FA check skipped when a Business Manager tries to link an Instagram Account
Steps to Recover Instagram Two-Factor Authentication Code
Firstly, open your Instagram app and select “Log In”. Then, enter your Instagram username and password. At this point, the 2-FA code request page will be displayed. Now click on “Need help signing in” and select “Recover 2FA Code”.
If you choose to use text message (SMS), you'll be sent a text message (SMS) with a special 6-digit security code each time someone tries logging into your Instagram account from a device we don't recognize.
Disabling two-factor authentication on Instagram for both iPhone and Android devices follows a similar process. Here's a guide specifically for Android: Go to your profile and tap the three-line icon at the top right corner to access Settings and Privacy.Then, click on Account Center and choose Password and Security.
Click See more in Accounts Center, then click Password and security. Click Two-factor authentication, then select an account. Choose the security method you want to add and follow the on-screen instructions.
If you haven't received an SMS code, check your blocked numbers to see if you blocked 32665 or 32665. Ensure you're using the same phone number associated with your account, that mobile data is on, your connection is stable, and that you didn't set up 2FA with an authentication app instead of SMS.
If you're waiting for an SMS code and not receiving it, one of the most common problems is that you're using a different phone or have changed your phone number since configuring two factor authentication. It's easy to lose track of all the devices and apps relying on an old number when you change phones.
If you select “Scan a barcode,” your phone's camera will activate. Hold your phone close to the screen to allow the camera to capture the QR code. 4. When the QR code or manual code has processed, Google Authenticator will generate a six-digit verification code and display it.
Hobby: Shopping, Table tennis, Snowboarding, Rafting, Motor sports, Homebrewing, Taxidermy
Introduction: My name is Duncan Muller, I am a enchanting, good, gentle, modern, tasty, nice, elegant person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.