Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

LinkedIn adds Two-Factor Authentication to Accounts

One year ago this month, 6.5 million passwords were taken from LinkedIn. Last week, the company proved they are still fine-tuning their security posture by introducing two-factor authentication to the mix.

One year ago this month, 6.5 million passwords were taken from LinkedIn. Last week, the company proved they are still fine-tuning their security posture by introducing two-factor authentication to the mix.

It was the story of the summer in 2012. LinkedIn, 24-hours after the story broke, confirmed that a list of 6.5 million passwords uploaded to a Russian forum came from their site. Given LinkedIn’s connection to the business world online, such a security incident had a wide reach. LinkedIn never commented on the results of their internal investigation into the incident, but it remains one of the largest breaches on record for the year. 

What was confirmed however is that the stolen passwords were stored without salt, an extra measure of password protection when combined with a hashing algorithm (LinkedIn used SHA-1). The lack of salt allowed the members of the Russian forum to crack all 6.5 million passwords in less than two weeks.

Part of the recovery included password changes, which would introduce new protections including “hashing and salting of our current password databases,” LinkedIn noted in a statement at the time. 

Later it was disclosed in their Q2 2012 financials that the breach cost LinkedIn upwards of $1,000,000, most of which was used for forensics work and other incident response measures. The company’s CFO, Steve Sordello said that an additional $2-3 million would be spent on additional network protections.

It would seem then, that some of that money went into the development and implementation of two-factor authentication. The option was announced this week in a blog post.

“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts,” wrote Vicente Silveira. The option to enable two-factor authentication is available now, and centers on sending a randomly generated code via SMS to the user’s phone. Instructions for enabling it can be found here

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.