Facebook is working on a way for Instagram users to receive two-factor authentication (2FA) codes through WhatsApp as a new option augmenting its existing 2FA methods.

Instagram 2FA Codes via WhatsApp?

While Instagram hasn't made the feature official as of yet, mobile developer and reverse engineer Alessandro Paluzzi was able to unearth evidence that Facebook is working on it.

He also shared some screenshots on Twitter showing the user interface around this new optional feature in Instagram's app for iOS and Android. Instagram users will be able to opt-in when---and if, for that matter---Facebook rolls out this option to everyone.

Using WhatsApp for Instagram 2FA Codes

Disabled by default, the feature can be turned on in Instagram Settings > Security > Two-Factor Authentication, then switch on the WhatsApp option. You'll also need to enable the SMS method before WhatsApp can be used for Instagram's 2FA code delivery.

Related: How to Set Up Two-Factor Authentication on Facebook

Instagram already supports 2FA code delivery methods like text messages, authenticator apps like Authy, backup codes printed for safekeeping, and login requests. WhatsApp will be joining those existing 2FA methods as a new Instagram option.

This isn't the only new feature that the photo-sharing service has been working on lately.

For example, Instagram is testing uploading post photos and videos via a web browser, as well as accessing creator tools and creating stories using the web version of the service.

Which Instagram 2FA Method Should I Use?

2FA is an authentication method that adds an additional layer of security to accounts that support it. With 2FA, you establish access to an online account, device, or app by providing two different types of information: something you know, like a password, and something you have, like a device through which you receive one-time login codes.

Related: Why Avoid Using SMS for Two-Factor Authentication?

Not all methods of 2FA code delivery were created equal. SMS is by far the least secure way of receiving 2FA codes because it's possible to spoof text messages. WhatsApp is as insecure as SMS because you're still getting authentication codes as texts on WhatsApp.

And as we saw with security breaches in the past, WhatsApp is not bullet-proof.

Authenticator apps like Authy or Google Authenticator are more secure than SMS, but their biggest weakness is reliance on a secret key. The safest way of receiving 2FA codes is universal second-factor keys (U2F), tiny devices that use either an NFC or USB connection.

As for backup codes, those are meant for safekeeping in case you're unable to access any of the existing 2FA code delivery methods.

Image Credit: Solen Feyissa/Unsplash