Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

LinkedIn adds Two-Factor Authentication to Accounts

One year ago this month, 6.5 million passwords were taken from LinkedIn. Last week, the company proved they are still fine-tuning their security posture by introducing two-factor authentication to the mix.

One year ago this month, 6.5 million passwords were taken from LinkedIn. Last week, the company proved they are still fine-tuning their security posture by introducing two-factor authentication to the mix.

It was the story of the summer in 2012. LinkedIn, 24-hours after the story broke, confirmed that a list of 6.5 million passwords uploaded to a Russian forum came from their site. Given LinkedIn’s connection to the business world online, such a security incident had a wide reach. LinkedIn never commented on the results of their internal investigation into the incident, but it remains one of the largest breaches on record for the year. 

What was confirmed however is that the stolen passwords were stored without salt, an extra measure of password protection when combined with a hashing algorithm (LinkedIn used SHA-1). The lack of salt allowed the members of the Russian forum to crack all 6.5 million passwords in less than two weeks.

Part of the recovery included password changes, which would introduce new protections including “hashing and salting of our current password databases,” LinkedIn noted in a statement at the time. 

Later it was disclosed in their Q2 2012 financials that the breach cost LinkedIn upwards of $1,000,000, most of which was used for forensics work and other incident response measures. The company’s CFO, Steve Sordello said that an additional $2-3 million would be spent on additional network protections.

It would seem then, that some of that money went into the development and implementation of two-factor authentication. The option was announced this week in a blog post.

“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts,” wrote Vicente Silveira. The option to enable two-factor authentication is available now, and centers on sending a randomly generated code via SMS to the user’s phone. Instructions for enabling it can be found here

Written By

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.