Just last week we mentioned the addition of two-factor authentication at Evernote; then LinkedIn snuck a blog post on Friday, May 31st, telling the world about their new SMS authentication. We are glad to see these popular services upgrading their authentication from password-only to password and SMS. It’s not hacker-proof – there are ways to defeat two-factor – but this is much better than password-only.
Here’s the skinny on the setup: Log into the LinkedIn website and on the top right, under your name, you’ll see Settings. Click that, and on the bottom left you’ll see Account.
Click that to get a Privacy Controls column to the right of the Account button; at the bottom of that column is a Manage Security Settings link.
Click that to go to a new screen: Security Settings. While you’re there, make sure to check the box that says “A secure connection will be used when you are browsing LinkedIn.”
Below that you’ll see the new two-factor option. Turn it on, they will ask for a phone number where you can receive an SMS, and they will send an SMS. When you log in you will get a congratulatory email titled “You’ve turned on two-step verification”, which says something like this:
Hi Gal,
You’ve successfully turned on two-step verification for your LinkedIn account.
We’ll send a verification code to phone number ending in XXXX (United States) whenever you sign in from an unrecognized device.
Learn more about two-step verification.
Thank you,
The LinkedIn Team
The link in the email takes you to this website, which is their FAQ on two-factor authentication.
Note: The warning when you turn on the SMS piece is “Note: Some LinkedIn applications will not be available when you select this option.” If you’re using apps that link to LinkedIn there may be some breakage. I haven’t found any yet in the two apps I integrated.
Reader interactions
3 Replies to “LinkedIn Rides the Two-Factor Train”
This breaks the LinkedIn App for Windows phone.
But who uses Windows phone, besides us neo-Luddites who refuse to buy into the Apple ecosystem?
Even on iOS – there isn’t a second input box for the one time password, you enter it at the end of your password.
It reminds me of the good old days of connecting through VPN and appending my SecureID at the end of my Radius password.
This SMS stuff is madness. It isn’t user friendly, it costs money every time you use it for a lot of people (Yes, in some countries inbound SMS are charged) and you can’t “register” more than one device other than by using some SMS relaying service.
On the other hand, the Google authenticator app on iOS clearly was not designed to have 12 items in the list. I have multiple services registered in it which show up with just my email address – I have to remember that the first one is gMail, the second one is Microsoft, etc.
They’re both better than nothing though.