How to protect your LinkedIn account from hackers

Alexander Sverdlov, cyber security expert, shares tips and best practices to ensure your LinkedIn account is protected from hackers.

Change your password as a necessary first step – you don’t know if it has been exposed so better be safe than sorry.

Follow the advice on https://xkcd.com/936/ to create a secure passphrase – it is much better than using words with numbers. Remember, if you came up with P@ssw0rd123, somebody else probably has, too. But YellowHorsesDontCatchFire! is easy to remember and unlikely to be used by anyone else. You get the idea.

Now that your LinkedIn password is safe, let us move on to the next step.

Permitted Services

Throughout your LinkedIn history you may have allowed more than necessary services access to your LinkedIn data. It is time to trim that number.

Go to https://www.linkedin.com/psettings/permitted-services and remove anything you don’t want to access your account.

Did you really sign in from there?

Review the places your account has been signed in from just in case you don’t recognize any of these sessions – and sign out of them if you don’t recognize them. Note: your mobile may be showing a separate location from your computer.

Password Reset Phone Number

Now it is time to add a password reset phone number to which LinkedIn will send you a verification code in case you need to verify your identity in the future.

It is important NOT to use your cell phone number as a recovery phone, because intercepting an SMS is cheap and affordable – now that even small crime rings can afford the equipment necessary, SMS authentication is considered insecure. Plus, nobody else but you will know which number will LinkedIn use to send the verification to.

Google Voice

(If you don’t have one already) We will open a Google Voice account which will provide us with a free US number for use for our recovery process. Remember, if you lose access to your phone and / or the password to your gmail account, you will not be able to recover it if you use Google Voice, as they are essentially using the same account.

Go to https://voice.google.com/ and create an account, you will get a free US number to use with it. Once you get the number, note it down – as it will be your secure phone number for verifications of this account and perhaps others, if you choose to.

Now that you have your number, go to https://www.linkedin.com/psettings/phone and add it there. Make it primary and also check the checkbox next to “Use for password reset”.

Make sure you have protected your Google account using the steps described in my “How to make your e-mail un-hackable” article, where I also describe the usage of an authenticator app on your phone.

2-Step Verification

Now that you have added your phone number to LinkedIn, add it to the 2-Step Verification process here: https://www.linkedin.com/psettings/two-step-verification.

Done!

The end result should look like this:

To compromise your LinkedIn account, a hacker must guess your newly created complex passphrase and then gain access to your protected Google Voice / Gmail account, which is nearly impossible without having access to your physical phone. The opposite is true: if someone gains access to your phone, they will also be able to access your accounts, which is… more or less logical, since most of our lives is on our phones today.

Did you enable fingerprint authentication on your phone?

Leave a Reply to Trending this week – GDPR, LinkedIn account protection and Smart Cities - The Resilience Post Cancel reply

%d bloggers like this: