12 Jun 2013

LinkedIn's Two-step Auth

The professional social-networking website LinkedIn is trying to increase its security against cyber-attacks by introducing a two-step authentication system. Users of the site can now add two-step verification to their accounts. It adds another layer of security when a user attempts to log in from an unknown device or computer. Users who enable the feature will be asked to key in a numeric code sent to their registered mobile number after they enter their registered username and password. This will be required only the first time a new device is used.

LinkedIn reported in a blog post on Friday, May 31, 2013 that most internet accounts that get compromised are illegally accessed from a new computer or device. LinkedIn said that with the introduction of two-step authentication, cyber criminals or hackers will not get through easily, because they will need both the password and the mobile number of the user to log in.

How It Works

Once a user enables the two-step authentication feature, he or she will be sent a numeric code to his or her mobile phone. This code will be sent once for every new device. The user will then have to use the code to get access to his or her account.
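The flow described above, sketched as an added example; it is not LinkedIn's code and not part of the original post. The device identifier, the five-minute expiry, the three-attempt limit and the `send_sms` hook are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)

class TwoStepLogin:
    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms  # callable(phone, code); hypothetical SMS gateway hook
        self.now = now
        self.users = {}           # username -> {"pw", "phone", "devices"}
        self.pending = {}         # (username, device_id) -> [code_hash, expires, attempts_left]

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def add_user(self, username, password, phone):
        # Demo only: a real service stores a salted, slow password hash.
        self.users[username] = {"pw": self._h(password), "phone": phone, "devices": set()}

    def login(self, username, password, device_id):
        user = self.users.get(username)
        if not user or not hmac.compare_digest(user["pw"], self._h(password)):
            return "denied"
        if device_id in user["devices"]:
            return "ok"           # known device: password alone is enough
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded to six digits
        self.pending[(username, device_id)] = [self._h(code), self.now() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(user["phone"], code)
        return "code_required"

    def verify(self, username, device_id, code):
        key = (username, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return "denied"
        code_hash, expires, _ = entry
        entry[2] -= 1             # count every attempt, right or wrong
        expired = self.now() > expires
        good = not expired and hmac.compare_digest(code_hash, self._h(code))
        if good or expired or entry[2] <= 0:
            del self.pending[key]  # single use; also burned on expiry or lockout
        if good:
            self.users[username]["devices"].add(device_id)  # later logins skip the code
            return "ok"
        return "denied"
```

The code is checked only once per device; after that the device identifier itself is what the server trusts, so in practice it has to be an unguessable value kept on the device.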

Footsteps of Twitter

LinkedIn introduced these changes two weeks after the micro-blogging site Twitter introduced the same two-factor authentication system. Twitter was forced to introduce this new system after a series of hacks that targeted some of the most high-profile businesses that use the micro-blogging site.

Is Two-Step Authentication Foolproof?

Some security experts say that although two-step authentication is an extra layer of security, it is still not a foolproof method of preventing cyber-attacks. Hackers can very easily use email phishing to get hold of the code: they can create a fake login page and prompt users to enter the authentication code they received on their mobile phones. This can defeat the very purpose of two-step authentication.
