LinkedIn has joined Google, Facebook and Twitter and taken a serious step toward improving user security.
It now offers two-factor online authentication, also called two-step verification or two-step authentication, an optional feature that will make it much harder for online miscreants to break into accounts.
The new feature comes just about one year after hackers broke into LinkedIn's servers, stole the weakly encrypted passwords of 6.4 million account holders and posted them online.
"Most Internet accounts that become compromised are illegitimately accessed from a new or unknown computer (or device)," LinkedIn director Vicente Silveira explained in a blog posting Friday (May 31). "Two-step verification helps address this problem by requiring you to type a numeric code when logging in from an unrecognized device for the first time."
Data breaches and hacked accounts have made headlines on a nearly daily basis in the past year. As a result, major tech companies are turning toward such two-factor-based authentication solutions.
Asking users to verify their identities with something that they know, such as a password or a PIN, combined with something that they own, such as an ATM card or a mobile phone, makes it hard for anyone else to gain unauthorized access.
The most common form of online two-step authentication requires users to log in with not only their traditional passwords, but also one-time numeric codes sent to their mobile phones.
Google and Facebook implemented two-step online verification in 2011, followed by PayPal and Dropbox last year. Microsoft, Apple, WordPress, Twitter and Evernote all took the two-factor plunge in the first five months of 2013, although Apple's solution was arguably incomplete.
Users who wish to add this layer of security to their LinkedIn account — and we recommend all LinkedIn users do so — can enable it on their settings page.
Two-factor authentication goes a long way toward keeping accounts more secure, but it is no magic bullet. Hackers could still glean sensitive account details using phishing emails or spoofed login pages.
Remember, even if an email or Web page looks official, it's always important to verify who's really sending the messages and where the links inside them really lead.