The popular social media app has confirmed that it’s testing out two-factor authentication, TechCrunch reports. Users can now verify their phone number with the app so that if someone attempts to log in with an email address and password, the app will send a text message with an authentication code that the hacker would also need in order to access the account.

Facebook (FB), which owns Instagram, has offered this feature for more than four years now, and some are saying that it’s overdue for Instagram. For regular, everyday users, having someone hack an account can be annoying. For people who have built large followings and make money off promotional opportunities, it could mean suffering financially. Hackers can also spam app feeds and friends, likely driving away followers and, consequently, brand partnerships and paydays.

The new security feature appears to still be in testing stages and has not yet been rolled out to all devices. One Instagram user tested two-factor authentication earlier this month, and noted that it still had some bugs to work out. He writes that he was incorrectly locked out of his account for an hour, warning his readers, “Use this new feature at your own risk.”