Enterprise-focused social network LinkedIn reports that it is now offering a two-step verification system for its 255 million users. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts, the company states, but now users have another layer of protection against hackers. To get this new security measure up and running, users will need to provide their mobile phone number.
"Most internet accounts that become compromised are illegitimately accessed from a new or unknown computer (or device)," writes LinkedIn's Vicente Silveira. "Two-step verification helps address this problem by requiring you to type a numeric code when logging in from an unrecognized device for the first time. This code will be sent to your phone via SMS."
To turn on two-step verification, users can simply log in and click their icon to activate the Account & Settings menu. Here users can click Privacy & Settings, the Account tab and then the Manage security settings link. After that, turn Two-step verification on, hit the Done button, and then enter a verification code that's sent to the listed mobile phone number. Simple.
"When enabled, two-step verification makes it more difficult for unauthorized users to access your account, requiring them to have both your password and access to your mobile phone," he adds.
The new two-step solution arrives nearly a year after LinkedIn was hacked in early June 2012, forcing the company to reset the passwords of all affected accounts. Around six million users were reportedly affected although the company did not officially confirm how many passwords were actually involved, merely stating that "some" were compromised.
LinkedIn's two-factor authentication service arrives after Twitter finally did the same last week. Both essentially force users to provide a password and an additional method to verify their identity in order to log in from a new device. Like Google's own two-step process, users will likely be required to re-verify each device every thirty days.
"Every day, a growing number of people log in to Twitter," said Jim O'Leary from Twitter's Product Security Team last week. "Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web."
Sending a separate login code to the user's phone should help eliminate unauthorized access to the account, whether it's Gmail, Twitter or LinkedIn.
