LinkedIn adds two-factor authentication

“All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts,” said LinkedIn director Vicente Silveira in a blog. “Now, we are introducing a new optional feature that adds another layer of security to your LinkedIn sign-in: two-step verification.”

Silveira said that most internet accounts that become compromised are illegitimately accessed from a new or unknown computer (or device). Two-step verification helps address this problem by requiring users to type a numeric code when logging in from an unrecognized device for the first time. This code will be sent to a phone via SMS, thwarting (in theory) most would-be hackers who don’t have access to that mobile phone.

Meanwhile, LinkedIn members have access to three months of free Bitdefender anti-virus software via the LinkedIn Safety Centre.

“Businesses and professionals are the high-value targets that online criminals seek out for bank fraud, identity theft, account hijacking and other cyber crime,” said Bitdefender chief security strategist Catalin Cosoi, in a statement. “We’ve been developing innovative technologies and strategies to fight these crimes for more than a decade, and we’re eager to help.”

Social media platforms also continue to grow as areas of concern: attackers are targeting them more, users are putting themselves at risk by oversharing on them, and their legitimate services are being co-opted to support cybercriminal activities. Last June a LinkedIn file containing close to 6.5 million unsalted password hashes was posted on the internet, which hackers immediately fell upon to try to crack. In the wake of that, the professional social network faced a $5 million lawsuit over the data breach, which was ultimately dismissed.

Meanwhile, in January, Facebook became the victim of a watering hole attack aimed at mobile developers. The exploit, hosted on a developer site, targeted a Java zero-day (patched by Oracle on 1 February). Twitter, too, has been the target of an ongoing series of account hijackings by the Syrian Electronic Army, which has been compromising media handles like NPR and the BBC and posting bogus tweets in support of the Bashar al-Assad regime. Twitter recently rolled out two-factor authentication itself.
