30 short, useful, actionable LinkedIn tips in 30 days from Doctor LinkedIn™, David Petherick. #30×30
#20/30: Don’t get hacked. Use two-step authentication.
Your LinkedIn profile is no good to you if someone else gets access to it with malicious intent.
So here’s a simple step-by-step guide to using LinkedIn’s own security tools and simple two-step authentication to reduce the likelihood of that happening, and to make sure your account is fully secure.
Two minutes of your time following these simple steps could save you from a lot of trouble.
Step 1: Add your mobile number
This is the fast, simple and secure key to ensuring that you, and only you, can access your LinkedIn profile – because it’s very likely that you are the only person with access to your mobile phone. You can use a landline, but that’s a little restrictive if you’re travelling!
First, log in to LinkedIn (you likely already are if you’re reading this), and then click on your little profile photo at top right to access your security settings – as shown below.
Figure 1: Go to the ‘Privacy & Settings’ page on LinkedIn
Now you’ll see the simple options to add a phone number, and also check what devices are logged in and where, which we’ll cover in Step 2.
A shortcut to get here (once you’re logged in) is: https://www.linkedin.com/psettings/
Figure 2 shows the screen of information you will see after you’ve clicked through on Privacy & Settings:
Figure 2: Add a phone number to your LinkedIn
Once you’ve clicked through to Add/Remove Phone numbers, Figure 3 shows the screen of information you need to complete to add a phone number – you’ll also need to enter your LinkedIn password:
Figure 3: Adding a Phone number to LinkedIn.
You’ll then be prompted to enter a security code. This is sent to you via an SMS message to the phone number you’ve just added. Once you have verified your number by entering this security code, your phone will be registered to your LinkedIn account. You’re done.
What this means is that, in future, you’ll need to enter a verification code sent to your phone number whenever you try to access LinkedIn from a new device – for example your phone or tablet, or a home computer, or if you access it from a new country if you’re travelling. Once you have set up a device, you don’t need to verify it again.
If anyone else tries to access your LinkedIn account and uses your correct password, you’ll be notified right away, because you’ll receive an SMS message and also receive an email to your main registered email address.
By the way, I’d recommend having an additional email address registered to your account. Say home and business addresses. For example, I use a personal Gmail address, so that I can access my account and notifications using this as a ‘fallback’ option from any web browser. You can add a new email address by clicking on Email addresses as shown in Figure 2 above.
Step 2: Check where you’re logged on to LinkedIn
Now that you’ve set up your phone number with LinkedIn, it’s worth checking which devices are actually logged in to sessions for your LinkedIn account and, if necessary, signing out from any active ones that might present a security risk.
You’ll find this under the same heading of Account / Basics under your Privacy & Settings.
For example, your shared work computer may still be logged in to LinkedIn, or a tablet that other people have access to – and so you can sign out those devices from this screen.
Figure 4: Check devices currently logged in to LinkedIn
You can see that I’m logged in to 3 sessions here – it’s my Laptop, my iPhone and my Tablet. All are currently working from the same IP address and from the same location using my home wifi, so there is nothing scary there. However, I should probably sign out of my Tablet because someone else is currently using it, and I neglected to sign out.
In the same way, you can see if some device you do not recognise is logged in, and sign that device out immediately. The fact you can see the location helps you spot anything unusual. If you spot a device logged in from a country you’ve never visited, note the details to send to LinkedIn, and sign it out, fast!
Step 3: Test a login on a new device or a new IP address
This is a useful step to make sure your new security settings are operational. Try logging on from a new device, or in a new country. You’ll be prompted to enter a security code as soon as you do this – and this code, of course, will come only to the phone you registered with LinkedIn.
Enter the security code, and your new device will then be registered as an authorised device.
Step 4: Check your email
At the same time as you carry out Step 3, you’ll also receive an email from LinkedIn Security to let you know that access has been attempted from a new device or radically different location. An example of this email is shown below.
Figure 5: Security email from LinkedIn
As you can see, you can immediately spot anything suspicious when you get this email, and anyone trying to get unauthorized access cannot do so without entering the security code that is only sent to your number. So unless they’ve got your phone, you’re safe from an attack even where the hacker has correctly entered your password.
If something like this does happen, it’s worth changing your LinkedIn password (the home/mobile email address is useful in this respect) and contacting LinkedIn to inform them. It also goes without saying that your LinkedIn password should be quite different from your email password.
- There’s a useful guide to creating highly secure passwords here: https://open.bufferapp.com/creating-a-secure-password/
The simple procedure of linking your mobile number to your LinkedIn account means the chances of unauthorized access to your LinkedIn account are drastically reduced.
So please do it. No time like now. It’ll take you less than two minutes.