Most Instagram users post publicly, so if someone takes control of your account, they can quickly damage your reputation by posting false or offensive content. And your Instagram posts can reveal a lot about you; information that fraudsters and scammers can use to target you or your friends and family.
For these reasons, it’s critical that you take the time to set your security and privacy settings on Instagram. Let’s walk through them.
Most of this guide shows the full, desktop version of the Instagram website. The steps will be similar for the mobile website and Instagram apps. The links throughout the guide will take you directly to the pages referenced.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
Note: this page contains affiliate links. Please see Affiliate Disclosure.
Log into the Instagram website. In the top right corner of the screen, click the person icon. Then, click the Edit Profile button.
You’ll see a menu on the left side of the screen with various categories of settings. We’ll go through them in order.
Bio: Think carefully about what info you want to to be public. When you set your account to private, that hides your posts, but not your bio or profile image.
Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). Use a new password; one you’ve never used anywhere else. I recommend using a password manager, such as LastPass, to create and store your password.
Review the authorized applications connected to your Instagram account. If there are any that don’t truly need access to your account, remove them.
If you’ve previously uploaded contacts to Instagram, you can delete them by clicking Delete All.
Private Account: “When your account is private, only people you approve can see your photos and videos on Instagram. Your existing followers won’t be affected.” If you don’t need your posts to be public to the world, check this box. This makes your posts private, only visible to those whom you approve. This defeats the purpose for which many people use Instagram, but not everyone needs to make their posts public. Learn more about Instagram visibility.
Show Activity Status: “Allow accounts you follow and anyone you message to see when you were last active on Instagram apps. When this is turned off, you won’t be able to see the activity status of other accounts.” I’m not a fan of sharing activity status, because it reveals behavioral patterns about when you use your accounts.
Photos of You: By default, when someone tags a photo or video of you, it will be automatically added to your profile. When you choose to add photos and videos manually, they’ll appear on your profile only after you approve them. If you check Instagram regularly, it should be safe to keep Add Automatically. Otherwise, choose Add Manually.
Two-Factor Authentication. You’ll need to set this up in the Instagram app; you can’t do it from the Instagram website. In the app, go to menu > Settings > Two-Factor Authentication. Tap Get Started. I recommend enabling Authentication App with the Authy or Google Authenticator app. Text messages can be spoofed and intercepted, so it’s better to use the Authentication App option than the Text Message option. Press the Recovery Codes to get the Copy option, then save them somewhere secure; I use the Notes field of the entry in LastPass. Learn more in How & Why to Use Two-Factor Authentication.
These settings are only available in the Instagram app (menu > Settings > Payments), not on the Instagram website. If you add payment methods to your Instagram account, it’s a good idea to add a PIN to prevent unauthorized purchases.
You won’t find ad settings within your Instagram account. Instagram is owned by Facebook, and the ad settings in your Facebook account apply to your Instagram and Whatsapp accounts (Whatsapp is also owned by Facebook). Here’s how to set your ad settings/preferences in Facebook.
Using Instagram Safely
I recommend not adding location to posts, so that you’re not constantly revealing your location. Learn more in Don’t Post About Travel Before or While You’re Away.
If you want to remove the location from past posts, tap the location name, then tap Remove Location (on iOS) or tap X from Select a Location Page (on Android).
If you’ve set your Instagram account to private, then your posts are only visible to people you approve. When you receive a request, it’s a good idea to verify the person’s identity (that they are the actual owner of the Instagram account, and that they sent you a request). You can do that by asking them in person, or through some other trusted channel that you’ve previously used to communicate with them (email, other social media, text/SMS, phone, etc.). Or you could ask a trusted mutual friend to confirm their identity.
If you use someone else’s device (computer, phone, tablet, etc.) to log into your Instagram account, be sure to log out when you’re finished! Otherwise, the other person can use Instagram as you after you leave.
Just as you need to be careful about clicking links in email and other messages, you must be careful about clicking links you receive in Instagram messages.
Regardless of whether your posts are public or private, be careful what you post. I’ve seen people post pictures of credit cards and plane tickets, and post that they’re on vacation far from home. Be wise about what you share with others. Learn more about the dangers of posting about travel.
Think carefully before you authorize a third-party app on your Instagram account. Be sure you know what permissions the third party will have (what data they’ll receive, and what they can do with your account). Regularly review the third-party apps that have access, and remove those that are no longer needed.
If your account shows posts that you didn’t post, your account may have been hacked. Follow these steps to regain control of your account.
Be careful about sharing Instagram posts outside of Instagram. Private posts you share to social media may be visible to the public depending on your privacy settings for those social platforms. For example, if you connect your public Twitter account to your Instagram account, and share a private Instagram post to Twitter, it will be publicly visible there.