Secure your LinkedIn account with multifactor authentication
Peter Klapwijk
Microsoft MVP ◆ Modern Workplace Engineer ◆ Blogger InTheCloud247.com ◆ Public Speaker ◆ +15 years experience in IT
This isn’t exactly a topic I normally write a post about, as I normally write posts related to the Microsoft 365 suite, but I find it important that personal online accounts are also kept secure. And as I already wrote an article related to personal email accounts with a FIDO security key, I know using a FIDO key isn’t accessible (and understandable) for most end-users. But I hope this post will get users to start using multifactor authentication (MFA) to secure their social media accounts as a beginning in further securing their online accounts. I’m not even sure this article will be found by end-users, as it’s not really related to the usual topics of this website, but I’ll give it a go. If only one user starts using MFA and secures his online accounts, the mission is accomplished.
Why should we enable multifactor authentication?
Most people these days know a password isn’t secure enough anymore.
A simple password can be hacked in days or even hours. We (should) create stronger passwords, but these aren’t easy to remember, so these are written down on post-its.
We hear in the news websites are hacked and millions of user accounts and passwords are captured. And as a lot of people use the same password for multiple accounts, all those other accounts might be accessible for hackers as well when just one website is hacked.
So we should start using something different as a password to keep our accounts secure.
Microsoft engineers said 99.9% of the account compromise incidents they deal with could have been avoided by using multifactor authentication. So I assume that’s no different for our social media accounts.
But what is multifactor authentication?
This is the explanation by Microsoft:
Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.
Multifactor authentication adds an additional authentication method to our authentication process. The traditional authentication process only uses something we know (a password in this case). MFA adds an additional method to this process, something we have (our smartphone on which we receive verification codes).
Another authentication method could be something we are (biometric verification, like a fingerprint).
Let’s also explain it with an example: signing in to a Twitter account. Without multifactor authentication, we sign in to Twitter by providing our username (or email address) and our password. When we enable MFA for our Twitter account, we can’t sign in anymore with only our password; we need to provide a second factor to sign in. That second factor is provided to us, for example, by receiving an SMS text message which holds a verification code that we enter during the sign-in process. Or that verification code is generated by an Authenticator app that is installed on our mobile device. When MFA is enabled and our password is in the hands of a hacker, the hacker still can’t sign in to our account, as access is blocked when the verification code isn’t entered.
I will show in this blog post how we can enable multifactor authentication for Twitter, LinkedIn, Facebook, and Instagram. These social media services all support multifactor authentication by using an Authenticator app and/or receiving a text message via SMS.
Enabling MFA doesn’t mean we need to provide the verification code every time we open the social media website or app. Only when we need to sign in (again) to the service, we’re asked to provide the verification code.
Setup an authentication app
I find it handy to use an authentication app for my social media accounts, as I already use this app to secure other accounts as well. You might also already have such an app installed because you’re already using it for the account of your employer.
And using such an app is considered more secure than via SMS (as even an SMS message can be intercepted). But MFA via SMS is accessible for most users and always better than no MFA.
There are multiple authenticator apps available in the Google Play store and the Apple App Store. Well-known apps are for example the Microsoft and Google Authenticator apps.
In my examples, I used the Microsoft Authenticator app (on Android) as I already use it for securing my Outlook account, and a benefit of this app is that we can save a backup of our added accounts (to an Outlook/Hotmail account) with cloud backup.
Adding an account to the Microsoft Authenticator app is pretty straightforward. When we open the app for the first time, it asks to sign in with a Microsoft account, or a work or school account. If you have one of these accounts, you can sign in (for example to save a backup to the Microsoft account), but you can also skip this.
To add a new account, click on the three dots on the top right and choose +Add account.
Choose Other account.
The QR code scanner is started.
Adding an authenticator app as an authentication method can mostly be done by scanning a QR code.
If this is not possible, we can manually add a code to add the account.
After adding an account, it is shown on the home tab.
And that’s all to add a new account to the authenticator app.
Now when you’re asked to provide an authentication code, just open the app, click on the social media account, and a code is shown.
When you need to authenticate on your mobile phone, you can copy the code and paste it into the app.
Setup MFA for LinkedIn
Let’s also make our LinkedIn account a bit more secure.
When you’re signed in to LinkedIn via a web browser, click on your profile picture in the top bar and choose Settings & Privacy. Open the Sign in & Security section and choose Two-step verification. Choose Turn on.
Select Authenticator app from the drop-down list and click Continue.
Open the authenticator app on the mobile phone to scan the QR code, as shown in the Setup an authentication app section. This adds LinkedIn as an account to the app.
Click on LinkedIn in the mobile authenticator app to show an authentication code. Enter the 6-digit code on the LinkedIn website and click Continue.
Multifactor authentication is turned on.
We can also add Phone Number (SMS) as multifactor authentication, but unfortunately we can’t add both methods at the same time.
To set up a phone number as a method, enter your mobile phone number and an authentication code is sent to your mobile.
Enter the code on the LinkedIn website and click Verify.
After enabling multifactor authentication, every time you sign in to LinkedIn, you’re asked to provide an authentication code after providing the username and password.
In case you ever receive a notification code (via SMS) and you didn’t sign in to LinkedIn yourself, or there is another reason you think somebody else tried to access your account, you can check the sign-in history to see if there is an unknown location in the list. And it is a good idea to change your password, just to be sure.
To see from where your account is signed in, browse to Sign in & Security, Where you’re signed in. When you find an unknown session, you can click Sign out to sign out that particular session.
To read the full article, which also describes how to enable multifactor authentication for Twitter, Facebook and Instagram, visit my website.
Delivery Manager | PMO Manager | Project Manager
1 year
Does LinkedIn support FIDO?