How to Protect Your Instagram: 9 Password Settings Everyone Should Check

Instagram holds photos, messages, business contacts, and sometimes income streams. Therefore, protecting your Instagram account is important. Weak passwords or outdated recovery settings make accounts easy targets for theft, spam, and unauthorized changes. This guide explains nine password-related settings and practices you should check today, each with clear steps, why it matters, screenshot ideas, examples, and practical tips.

Read on to learn actionable, beginner-friendly ways to secure your account and prevent future problems.

Instagram connects relationships, business customers, and creative work. Consequently, losing access to your account or being targeted by malicious actors can be stressful and costly. Fortunately, most risks are preventable if you check and update a handful of critical password and account settings.

In this article we cover “Instagram password settings” in plain language, giving step-by-step instructions so even beginners can follow along. Moreover, I include helpful tips on what to screenshot for your records and how to act if something goes wrong.


Why Instagram password settings matter

Password settings and recovery options form your first line of defense. They determine how easily you can regain access if you forget your password or if someone else tries to sign in. Therefore:

  • Proper settings reduce the chance of account takeover.
  • They speed up legitimate recovery when you lose access.
  • They protect your private messages, billing for ads, and customer contacts.

Now let’s cover the nine settings everyone should check.


1 — Change to a strong, unique password (Change Password)

What this setting is

This is the password you use to log in. It should be long, unique, and not used on other websites.

Why it matters

A strong password prevents attackers from guessing or reusing leaked passwords from other sites. If a password is used on multiple services, a leak elsewhere can compromise your Instagram.

How to change it (step-by-step)

On mobile (Android / iOS):

  1. Open Instagram and tap your profile picture (bottom right).
  2. Tap the three-line menu (top right) → Settings & privacy → Account → Password.
  3. Enter your current password, then type a new strong password and confirm it.
  4. Tap Save (or the check mark).

On web:

  1. Go to instagram.com → click profile → Settings → Change password.
  2. Enter current password, new password, and confirm. Click Change Password.

Screenshot idea

Capture the Password screen showing the fields for current and new password. Blur the text fields in the image for privacy.

Tips

  • Use a passphrase: three unrelated words + two numbers (e.g., coffee-sunshine-47-pillow).
  • Never reuse a password from another site.

2 — Enable Two-Factor Authentication (2FA)

What this setting is

2FA requires a second verification step (code or key) when you log in from a new device.

Why it matters

2FA stops most attackers who have only your password. Even if the password leaks, they still need the second factor.

How to enable it (step-by-step)

Mobile:

  1. Profile → Menu → Settings & privacy → Security → Two-factor authentication.
  2. Tap Get started if first time. Choose a method (Authentication app or Text message).
  3. Follow prompts to finish setup. Instagram will confirm that 2FA is active.

Web:

  1. Click profile → Settings → Privacy and Security → Two-Factor Authentication.
  2. Follow the on-screen setup.

Screenshot idea

Show the Two-Factor Authentication page with methods listed (blur any codes).

Tips

  • Turn on 2FA right after resetting your password.
  • Use an authentication app where possible (see next section).

3 — Use an authentication app instead of SMS for 2FA

What this setting is

Instead of receiving verification codes by SMS, you use an authentication app (Google Authenticator, Authy, Microsoft Authenticator).

Why it matters

Authentication apps are more secure than SMS, which can be intercepted via SIM swapping.

How to switch to an app (step-by-step)

  1. Settings → Security → Two-factor authentication.
  2. Choose Authentication app as the primary method. Instagram may detect an app or ask you to scan a QR code.
  3. Open your authentication app, add Instagram by scanning the code or entering the key.
  4. Enter the code shown in the app back into Instagram to confirm.

Screenshot idea

Show the QR code Instagram displays (blur the code) and the authentication app screen with the six-digit code.

Tips

  • Keep the secret key or QR code somewhere safe when you first set it up (screenshot for a secure personal vault, not cloud storage).
  • Use an auth app that supports multi-device backup if possible.
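
How the setup key from steps 2–4 turns into the six-digit code, as an added example that is not Instagram's code: authenticator apps such as Google Authenticator implement TOTP (RFC 6238), and the defaults used here (SHA-1, 30-second windows, six digits) are assumed to match Instagram's setup. The key is the published RFC test key, not a real secret. Nothing in the calculation touches the phone network, which is why a SIM swap does not expose these codes, and why the setup key itself must be stored as carefully as a password.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key, Base32-encoded the way a setup
# key is displayed next to the QR code. Not a real account secret.
SAMPLE_KEY = base64.b32encode(b"12345678901234567890").decode()


def totp(setup_key, unix_time, step=30, digits=6):
    """Return the code an authenticator app would show at unix_time."""
    # Setup keys are often shown in lowercase groups separated by spaces.
    cleaned = setup_key.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)      # restore stripped Base32 padding
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // step          # number of the 30-second window
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(setup_key, submitted, unix_time, drift_windows=1, step=30):
    """Service-side check: accept the current window plus/minus clock drift."""
    for delta in range(-drift_windows, drift_windows + 1):
        when = unix_time + delta * step
        if when < 0:
            continue                          # no window before the epoch
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(setup_key, when, step), submitted):
            return True
    return False


if __name__ == "__main__":
    print(totp(SAMPLE_KEY, 59))               # last second of window 1
    print(totp(SAMPLE_KEY, 60))               # window 2: a different code
    print(verify(SAMPLE_KEY, totp(SAMPLE_KEY, 59), 75))   # one window late
    print(verify(SAMPLE_KEY, totp(SAMPLE_KEY, 59), 150))  # long expired
```
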

4 — Save and secure your backup codes

What this setting is

Backup codes are single-use codes Instagram gives you to log in if you lose access to your 2FA device.

Why it matters

If you lose your phone, backup codes let you log in without the authentication app or SMS.

How to get and store backup codes (step-by-step)

  1. Settings → Security → Two-factor authentication → Additional Methods → Backup Codes.
  2. Instagram shows a list of codes — copy them or download them.
  3. Store them in a secure place: a password manager, an encrypted note, or a printed copy in a safe.

Screenshot idea

Show the backup codes screen (blur or redact the actual codes).

Tips

  • Use each backup code once; Instagram shows you when they are used.
  • Re-generate codes after using them and store the new list.

5 — Update your recovery email address

What this setting is

Your recovery email is the address Instagram will use to help you reset your password or contact you about security.

Why it matters

If the email is old or inaccessible, you may lose the easiest recovery route.

How to update it (step-by-step)

  1. Profile → Menu → Settings & privacy → Account → Personal information (or Emails and Phone Number).
  2. Update the email field to an address you control and verify it. Instagram will send a confirmation link — click it.

Screenshot idea

Capture the Personal Information screen showing the email field (blur the email address).

Tips

  • Use an email address you check regularly.
  • Prefer an email provider with strong security (2FA on your email too).

6 — Update your phone number for recovery (if you use SMS)

What this setting is

This is the phone number Instagram will use to send SMS codes for login and recovery if you choose SMS 2FA.

Why it matters

If you change phone numbers and don’t update Instagram, you won’t receive verification codes.

How to update it (step-by-step)

  1. Profile → Menu → Settings & privacy → Account → Personal information → Phone number.
  2. Enter the new number. Instagram sends a verification code to the new phone — enter the code to confirm.

Screenshot idea

Show the Phone Number field and the verification prompt (blur the number).

Tips

  • If you expect to change numbers, set up an authentication app and backup codes before switching SIMs.
  • Consider using a secondary phone number for recovery if you have two lines.

7 — Review Login Activity and log out unknown devices

What this setting is

Login Activity shows devices and locations where your account is currently logged in.

Why it matters

Reviewing this helps you detect unauthorized access and forcibly log out suspicious sessions.

How to review and log out (step-by-step)

  1. Settings → Security → Login Activity.
  2. Look through the list of devices and locations. If you see a device you don’t recognize, tap the three dots (or Log out) and remove it.
  3. After logging out unknown devices, change your password and re-check 2FA.

Screenshot idea

Show the Login Activity list with entries (blur locations and device names).

Tips

  • If you remove an unknown device, also check Messages and Posts for any unauthorized activity.
  • Logging out everywhere is an option under security if you suspect a breach.

8 — Revoke access to untrusted third-party apps (Apps & Websites)

What this setting is

This lists external apps and websites that you allowed to connect to your Instagram account.

Why it matters

Third-party apps can get extensive permissions. A compromised app or overly-permissive app may expose your account to risks.

How to review and revoke (step-by-step)

  1. Settings → Security → Apps and Websites.
  2. Review Active apps: click any app you no longer use or don’t recognize.
  3. Tap Remove to revoke access. Confirm removal.

Screenshot idea

Show the Apps and Websites page with a couple of connected apps listed (blur app names if you prefer).

Tips

  • Only connect apps you trust: official analytics, Facebook/Meta tools, or verified partner apps.
  • Review this list every 3–6 months.

9 — Turn on login alerts and verify “Emails from Instagram”

What this setting is

Login alerts and the “Emails from Instagram” tool help you identify genuine messages from Instagram and detect suspicious login attempts.

Why it matters

These alerts notify you of new logins or security messages, so you can act quickly if something is wrong.

How to check and enable (step-by-step)

  1. Settings → Security → Security and login or Emails from Instagram.
  2. Under Emails from Instagram, you can view messages Instagram sent regarding your account (this helps spot phishing).
  3. Ensure you have login alerts enabled and that the recovery email is correct.

Screenshot idea

Show the “Emails from Instagram” screen and where login alerts appear.

Tips

  • If you receive a suspicious email claiming to be Instagram, open the app’s Emails from Instagram page to verify it before clicking links.
  • Treat unexpected login alerts as urgent: change your password and review login activity.

Tips and Best Practices for Instagram Security

Beyond the nine settings, follow these extra steps for stronger protection:

  • Use a password manager — it creates and stores unique passwords securely.
  • Enable 2FA on your email — if your email is compromised, attackers can use it to reset Instagram passwords.
  • Avoid public Wi-Fi for sensitive actions — don’t log in from open networks when possible.
  • Keep device OS and apps updated — security updates fix vulnerabilities.
  • Use official app stores — install Instagram only from Google Play or the Apple App Store.
  • Limit who has account access — avoid sharing your password; use Facebook Business roles for collaborators.
  • Regularly export and back up important data — Instagram has data download options under Settings → Privacy → Download data.

Common Mistakes to Avoid

  • Reusing the same password across multiple sites.
  • Storing backup codes or passwords in plain text on cloud storage without encryption.
  • Relying only on SMS-based 2FA when an authentication app is available.
  • Installing suspicious apps that ask for your Instagram login.
  • Ignoring login alerts or failing to review login activity after a suspicious message.

Avoid these mistakes to reduce the risk of being locked out or compromised.


Example Scenarios & Actions

Scenario 1 — You lost your phone and can’t get SMS codes
Action: Use stored backup codes or an authentication app on a secondary device. If you set neither, use Instagram Help Center’s recovery flow and prepare to verify your identity.

Scenario 2 — You see a login from another city
Action: Go to Login Activity and log out that session immediately. Then change your password and review connected apps.

Scenario 3 — You use many third-party tools for business
Action: Periodically check Apps & Websites and reduce permissions to the minimum needed. Use official Meta tools when possible.


Conclusion

Securing your Instagram starts with simple checks you can do in minutes. By changing to a strong, unique password, enabling 2FA, storing backup codes, keeping recovery contacts current, reviewing login activity, and pruning third-party app access, you reduce the chance of account loss or unauthorized access.

Now is a great time to review these 9 password settings. Make the changes, save a secure copy of your backup codes, and enable 2FA. Your account, messages, and business links will thank you.
