30 LinkedIn Tips: #20/30 – Don’t get hacked
30 short, useful, actionable LinkedIn tips in 30 days from Doctor David Petherick. #30by30 #TheDoctorisIn
#20/30: Don’t get hacked. Use two-step authentication.
Originally written: October 20, 2017
Text & Images Updated: June 30, 2020
Your LinkedIn profile is no good to you if someone else gets access to it with malicious intent.
So here's a simple step-by-step guide to using LinkedIn's own security tools and simple two-step authentication to reduce the likelihood of that happening, and to make sure your account is fully secure.
Two minutes of your time following these simple steps could save you from a lot of trouble.
Step 1: Add your mobile number
This is the fast, simple and secure key to ensuring you, and only you, can access your LinkedIn profile - because it's very likely that you are the only person with access to your mobile phone. You can use a landline, but that's a little restrictive if you're travelling!
First, log in to LinkedIn, and then click on your little profile photo at top right to access your security settings - as shown above.
Now you need to click through to the 'Account' section of your settings, and choose 'Two-step verification' as shown below.
You will see the simple option to add a phone number - by default this is the phone registered as your phone number in LinkedIn.
You can also check what devices are logged in and where, which we'll cover in Step 3.
A shortcut to get here (once you're logged in) is: https://www.linkedin.com/psettings/two-step-verification
Once you've clicked through to Add/Remove Phone numbers, you need to add a phone number - you'll also need to enter your LinkedIn password.
You'll then be prompted to enter a security code. This is sent to you via an SMS message to the phone number you've just added. Once you have verified your number by entering this security code, your phone will be registered to your LinkedIn account. You're done.
Step 2: Activate two-factor authentication
Again, go to your settings, click on Account, and then switch on two-step verification. The steps to follow are self-explanatory.
Obviously, you should set this up and activate it immediately after you add a phone number.
What this means is that, in future, you'll need to enter a verification code sent to your phone number whenever you try to access LinkedIn from a new device - for example your phone or tablet, a home computer, or a new device you use while travelling. Once you have set up a device, you should not need to verify it again.
If anyone else tries to access your LinkedIn account on a new device and uses your correct password, you'll be notified right away, because you'll receive an SMS message and also receive an email to your main registered email address. But the person won't be able to access your LinkedIn without the authentication code in the SMS message.
By the way, I'd recommend having an additional email address registered to your account - say, personal and business email addresses. For example, among my other email addresses, I use a personal Gmail address, so that I can access my account and notifications using this as a 'fallback' option from any web browser or from my phone.
Step 3: Check where you're logged on to LinkedIn
Now that you've set up your phone number with LinkedIn, it's worth checking which devices actually have active sessions on your LinkedIn account and, if necessary, signing out from any that might present a security risk.
You'll find this under the same heading of Account / Login & Security under your Privacy & Settings page.
For example, your shared work computer may still be logged in to LinkedIn, or a tablet that other people have access to - and so you can sign out from those devices using this screen.
I can see that I'm logged in to 3 sessions here - it's my Desktop on my Mac, also on my Android Tablet, and on my iPhone. There is nothing scary there.
If some device or location you do not recognise is logged in, sign that device out immediately from here. The fact you can see the location helps you spot anything unusual. If you spot a device logged in from a country you've never visited, sign it out, fast, and change your password!
Step 4: Test a login on a new device or a new IP address
This is a useful step to make sure your new security settings are operational. Try logging on from a new device or browser, or do so from a new location. You'll very likely be prompted to enter a security code as soon as you do this - and this code, of course, will come only to the phone you registered with LinkedIn and to your primary LinkedIn email address.
Enter the security code, and your new device will then be registered as an authorised device.
Step 5: Check your email
At the same time as you carry out Step 4, you'll also receive an email from LinkedIn Security to let you know that access has been attempted from a new device or (in my experience) from a radically different location. An example of this email is shown below.
As you can see, you can immediately spot anything suspicious when you get this email, and anyone trying to get unauthorised access cannot do so without entering the security code that is only sent to your designated phone number.
So unless they've got your phone, you're safe from an attack even where the hacker has correctly entered your password. If they have your phone and your password, you're toast. But as you of course have set up and activated the remote kill feature on your phone, even this will not be an issue...
If something like this does happen, it's worth changing your LinkedIn password (the home/mobile email address is useful in this respect) and contacting LinkedIn to inform them. It also goes without saying that your LinkedIn password should be quite different from your email password. And you should change it regularly.
- There's a useful guide to creating highly secure passwords here: https://open.bufferapp.com/creating-a-secure-password/
The simple procedure of linking your mobile number to your LinkedIn account means the chances of unauthorised access to your LinkedIn account are drastically reduced.
So please do it. Right now. There is no time like the present. It'll take you less than two minutes.