Last week LinkedIn announced that is was now offering two-factor authentication. Twitter followed Google & Facebook last month by introducing two-factor authentication. Those who read my blog will know that LinkedIn & Evernote have both suffered data breaches in recent times. Back in June of 2012, LinkedIn was subjected to an attack which saw 6.5 million LinkedIn passwords exposed.
The data breaches have come about from hackers using phishing techniques to socially engineer users to visit a rogue website or install a keylogger to collect your email and password credentials. Since the June 2012 breach, LinkedIn now salts and hash’s credentials. Evernote had been salting credentials prior to their data breach.
Two-factor authentication allows you to choose an additional verification code (normally six digits) which is then sent to your mobile device, when logging into a site from a different device or when the app is installed on a new device. You enter your original password and then the verification code to get access to your account.
LinkedIn two-factor authentication
How to turn on two-step verification for your LinkedIn account:
- Settings > Select the Account & Settings TAB (top right – your profile picture) > click > Privacy & Settings option > Account > Manage security settings > ON
Note: If you turn on two-factor authentication, your LinkedIn apps will not work. Currently, LinkedIn does not support two-factor authentication with their apps. We can only hope they consider using something like Google Authenticator.
Evernote two-factor authentication
How to turn on two-step verification for your Evernote account:
- Make sure all your versions of Evernote are updated (this includes apps)
- Go to ‘security’ section on your Evernote Web Account Settings https://www.evernote.com/SecuritySettings.action
- Click > Manage settings in two-step verification area
You will also need to create the passwords for ‘Authorised apps’ i.e. Evernote Touch for Windows 8. This will show you the date the authorised app was setup and also has an option for revoking access to that app. You can also review the ‘Access History’ which shows which app; the date that app accessed Evernote and the IP address and location. Similar to what Facebook is offering.
Evernote has also introduced an additional feature that allows users to revoke existing versions of the Evernote app from any device. This means if you lose your device, you can still log in to the main site to make sure the app request a password the next time you access the app on your device.
Note: Evernote are only offering this service to Premium and Business users right now. The verification code is generated by Google Authenticator or an SMS is sent to your mobile. You also receive a set of one-time backup codes in the event you don’t have access to a Wi-Fi and cellphone network.
Safe surfing folks!