LinkedIn and Evernote two-step verification

Linkedin_logoLast week LinkedIn announced that is was now offering two-factor authentication. Twitter followed Google & Facebook last month by introducing two-factor authentication. Those who read my blog will know that LinkedIn & Evernote have both suffered data breaches in recent times. Back in June of 2012, LinkedIn was subjected to an attack which saw 6.5 million LinkedIn passwords exposed.

The data breaches have come about from hackers using phishing techniques to socially engineer users to visit a rogue website or install a keylogger to collect your email and password credentials. Since the June 2012 breach, LinkedIn now salts and hash’s credentials. Evernote had been salting credentials prior to their data breach.

Two-factor authentication allows you to choose an additional verification code (normally six digits) which is then sent to your mobile device, when logging into a site from a different device or when the app is installed on a new device. You enter your original password and then the verification code to get access to your account.

LinkedIn two-factor authentication

How to turn on two-step verification for your LinkedIn account:

  • Settings > Select the Account & Settings TAB (top right – your profile picture) > click > Privacy & Settings option > Account > Manage security settings > ON

Note: If you turn on two-factor authentication, your LinkedIn apps will not work. Currently, LinkedIn does not support two-factor authentication with their apps. We can only hope they consider using something like Google Authenticator.

Evernote two-factor authentication

How to turn on two-step verification for your Evernote account:

  • Make sure all your versions of Evernote are updated (this includes apps)
  • Go to ‘security’ section on your Evernote Web Account Settings
  • Click > Manage settings in two-step verification area

You will also need to create the passwords for ‘Authorised apps’ i.e. Evernote Touch for Windows 8. This will show you the date the authorised app was setup and also has an option for revoking access to that app. You can also review the ‘Access History’ which shows which app; the date that app accessed Evernote and the IP address and location. Similar to what Facebook is offering.

Evernote has also introduced an additional feature that allows users to revoke existing versions of the Evernote app from any device. This means if you lose your device, you can still log in to the main site to make sure the app request a password the next time you access the app on your device.

Note: Evernote are only offering this service to Premium and Business users right now. The verification code is generated by Google Authenticator or an SMS is sent to your mobile. You also receive a set of one-time backup codes in the event you don’t have access to a Wi-Fi and cellphone network.

Safe surfing folks!

This entry was posted in android, apple, blackberry, browser, google, linkedin, mobile, privacy, windows and tagged , , . Bookmark the permalink.

2 Responses to LinkedIn and Evernote two-step verification

  1. Yes, you can get 2-factor working with mobile apps on blackberry, android, iphone, etc. First setup your phone as the destination for texted 6-digit two-factor codes from linkedin. You have to do that from a ‘trusted’ device first. Then try to login to linkedin from a browser on your mobile phone – a browser on the mobile phone you are setting up with linkedin app. When your login fails, the linkedin server will send you a 6-digit code. Go the the settings of your linked in app on your cellphone, and then edit the linkedin settings. Put in for password yourpassword+6-digitcode all one long string, and save. This will enable the app to login via 2-factor, and ever after it will just open automagically. If it doesn’t work try again. Occassionally you have to muck with it a bit, but it should work first time out.

Leave a Reply

Your email address will not be published. Required fields are marked *