Don't get hacked! Switch on LinkedIn two-step authentication...
David Petherick
I make you visible, legible & credible. Experienced digital marketer, project manager, team builder and content creator.
Your LinkedIn profile is no good to you if someone else gets access to it with malicious intent. And security researchers have recently highlighted the fact that there are more and more bad actors out there attempting to access your LinkedIn account.
So here's a simple step-by-step guide to using LinkedIn's two-step authentication to reduce the likelihood of that happening, and to make sure your account is fully secure.
Two minutes of your time following these simple steps could save you from a lot of trouble.
Step 1: Add your mobile number
This is a fast, simple and secure key to ensuring you, and only you, can access your LinkedIn profile - because it's very likely that you are the only person with access to your mobile phone.
First, log in to LinkedIn, and then click on your little profile photo at top right to access your security settings - as shown above.
Now you need to click through to the 'Sign in and Security' section of your settings, and choose first 'Phone numbers' and then 'Two-step verification' as shown below.
You will see the simple option to add a phone number - by default this is the phone registered as your phone number in LinkedIn.
You can also check what devices are logged in and where, which we'll cover in Step 3.
A shortcut to get here (once you're logged in) is: https://www.dhirubhai.net/mypreferences/d/two-factor-authentication
Once you've clicked through to Add/Remove Phone numbers, you need to add a phone number - you'll also need to enter your LinkedIn password.
You'll then be prompted to enter a security code. This is sent to you via an SMS message to the phone number you've just added. Once you have verified your number by entering this security code, your phone will be registered to your LinkedIn account. You're done.
Step 2: Activate two-factor authentication
Again, go to your settings, then switch on two-step verification to activate it. The steps to follow are self-explanatory.
Obviously, you should set this up and activate it immediately after you add a phone number.
What this means is that, in future, you'll need to enter a verification code sent to your phone number whenever you try to access LinkedIn from a new device - for example your phone or tablet, or a home computer - or from a new device or IP address when you're travelling. Once you have set up a device, you should not need to verify it again.
If anyone else tries to access your LinkedIn account on a new device and uses your correct password, you'll be notified right away, because you'll receive an SMS message and also receive an email to your main registered email address. But the person won't be able to access your LinkedIn without the authentication code in the SMS message.
By the way, I'd recommend having an additional email address registered to your account. Say personal and business email addresses. For example, among my other email addresses, I use a personal Gmail address, so that I can access my account and notifications using this as a 'fallback' option from any web browser or from my phone.
There is an alternative method of using two-factor authentication. You can use Google's Authenticator app, again on your mobile phone. This generates a code which you need to enter to log in as a second form of authentication.
Step 3: Check where you're logged on to LinkedIn
Now that you've set up your phone number with LinkedIn, it's worth checking which devices currently have active sessions on your LinkedIn account and, if necessary, signing out from any that might present a security risk.
You'll find this under the same heading of Sign In & Security.
For example, your shared work computer may still be logged in to LinkedIn, or a tablet that other people have access to - and so you can sign out from those devices using this screen.
If some device or location you do not recognise is logged in, sign that device out immediately from here. The fact you can see the location helps you spot anything unusual. If you spot a device logged in in a country you've never visited, sign it out, fast, and change your password!
Step 4: Test a login on a new device or a new IP address
This is a useful step to make sure your new security settings are operational. Try logging on from a new device or browser, or do so from a new location. You'll very likely be prompted to enter a security code as soon as you do this - and this code, of course, will come only to the phone you registered with LinkedIn and to your primary LinkedIn email address.
Enter the security code, and your new device will then be registered as an authorised device.
Step 5: Check your email
At the same time as you carry out Step 4, you'll also receive an email from LinkedIn Security to let you know that access has been attempted from a new device or (in my experience) from a different location.
You can immediately spot anything suspicious if you get this email unexpectedly, and anyone trying to get unauthorised access cannot do so without entering the security code that is only sent to your designated phone number.
So unless they've got your phone, you're safe from an attack even where the hacker has correctly entered your password. If they have your phone and your password, you're toast. But as you of course have set up and activated the remote kill feature on your phone, even this will not be an issue...
If something like this does happen, it's worth changing your LinkedIn password (the home/mobile email address is useful in this respect) and contacting LinkedIn to inform them. It also goes without saying that your LinkedIn password should be quite different from your email password. And you should change it regularly.
Conclusion
The simple procedure of linking your mobile number to your LinkedIn account means the chances of unauthorised access to your LinkedIn account are drastically reduced.
So please do it. Right now. There is no time like the present. It'll take you less than two minutes.
________________________
About David Petherick
David is a LinkedIn Profile Doctor who makes you visible, legible and credible on LinkedIn. He works across the world from his base in Edinburgh, Scotland, and occasionally from other cities. Learn more about his services at the doc.scot website.
For a limited period once a week, David offers free ten-minute microsurgery sessions to help you improve your profile. Why not book an appointment to suit your diary today?
macOS Senior Support Specialist
(2 months ago) Wow... After reviewing this... 11 months and Authenticator as a method for 2-factor... is still broken. Great Work LinkedIn/Microsoft.
Senior Site Reliability Engineer at Akamai
(1 year ago) Using SMS codes for verification is a terrible idea. It makes you a target for a phone takeover. I tried using Authenticator App verification, but LinkedIn's implementation is broken. Fix this LinkedIn!
Helping mid-sized organizations increase sales and improve customer service since 1993 | #LinkedInLocal
(1 year ago) I have turned on 2FA on all services and platforms that allow it. Critically important in order to keep our information safe! Some people grumble "it's more work". Yes, it adds a few steps ... but do you know how much work it is when someone has hijacked your LinkedIn, Facebook, or other account? Or gained access to your bank account? Thanks for the "how-to" David Petherick!
Profile Marketing ~Job Search Strategy ~ Career Branding ~ Communications & PR ~ Media Contributor & Writer ~ Debunking Ageism & Stereotypes
(1 year ago) Super important post as never enough reminders David. I guesstimate only 50% turn 2-step on. What % do you observe?