Change your password as a necessary first step – you don’t know if it has been exposed so better be safe than sorry.
Follow the advice on https://xkcd.com/936/ to create a secure passphrase – it is much better than using words with numbers. Remember, if you came up with P@ssw0rd123, somebody else probably has, too. But YellowHorsesDontCatchFire! is easy to remember and unlikely to be used by anyone else. You get the idea.
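An added example, not part of the original article: the xkcd estimate of 44 bits assumes four words drawn at random from a list of about 2048, so this Python code picks the words with a cryptographic random source and computes the resulting entropy. The sample word list and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline. A real list should be
# far larger (xkcd 936 assumes about 2048 common words).
SAMPLE_WORDS = ["yellow", "horse", "catch", "fire", "staple", "battery",
                "correct", "river", "window", "marble", "candle", "forest",
                "pillow", "rocket", "garden", "violin"]


def entropy_bits(wordlist_size, num_words):
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return num_words * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, num_words=4, separator="-"):
    """Pick words with the OS CSPRNG rather than by hand."""
    unique = sorted(set(wordlist))  # duplicates would skew the odds
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return separator.join(secrets.choice(unique) for _ in range(num_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # The 16-word sample list is far too small for real use.
    print(f"16-word list, 4 words:   {entropy_bits(16, 4):.0f} bits")
    print(f"2048-word list, 4 words: {entropy_bits(2048, 4):.0f} bits")
    print(f"words for 60 bits from 2048: {words_needed(2048, 60)}")
```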
Now that your LinkedIn password is safe, let us move on to the next step.
Throughout your LinkedIn history you may have granted more services access to your LinkedIn data than necessary. It is time to trim that number.
Go to https://www.linkedin.com/psettings/permitted-services and remove anything you don’t want to access your account.
Password Reset Phone Number
Now it is time to add a password reset phone number to which LinkedIn will send you a verification code in case you need to verify your identity in the future.
It is important NOT to use your cell phone number as a recovery phone, because intercepting an SMS is cheap – now that even small crime rings can afford the necessary equipment, SMS authentication is considered insecure. Plus, nobody but you will know which number LinkedIn will send the verification to.
If you don’t have one already, we will open a Google Voice account, which will provide us with a free US number to use for our recovery process. Remember, if you lose access to your phone and / or the password to your Gmail account, you will not be able to recover it if you use Google Voice, as they are essentially using the same account.
Go to https://voice.google.com/ and create an account; you will get a free US number to use with it. Once you get the number, note it down, as it will be your secure phone number for verifications of this account and perhaps others, if you choose to.
Now that you have your number, go to https://www.linkedin.com/psettings/phone and add it there. Make it primary and also check the checkbox next to “Use for password reset”.
Now that you have added your phone number to LinkedIn, add it to the 2-Step Verification process here: https://www.linkedin.com/psettings/two-step-verification.
The end result should look like this:
To compromise your LinkedIn account, a hacker must guess your newly created complex passphrase and then gain access to your protected Google Voice / Gmail account, which is nearly impossible without having access to your physical phone. The opposite is also true: if someone gains access to your phone, they will also be able to access your accounts, which is… more or less logical, since most of our lives are on our phones today.