"Most internet accounts that become compromised are illegitimately accessed from a new or unknown computer (or device). Two-step verification helps address this problem by requiring you to type a numeric code when logging in from an unrecognized device for the first time," explained LinkedIn director Vicente Silveira.
To turn the feature on, users have to go to their Account Settings, choose to review their Privacy & Settings, then select the Account tab and the Manage security settings option. Once the option is turned on, they are required to register and verify their mobile phone number. Unfortunately, LinkedIn chose not to offer the option of using an app such as Google Authenticator to generate the verification codes.
The security code is received via SMS, and the first time users try to log into their accounts from a specific device (computer, tablet, mobile phone), they will be asked to enter it.
While two-step verification can be thwarted by phishers who set up pages emulating LinkedIn's login page, complete with asking the user to enter the verification code, it should nevertheless reduce the number of account hijackings.
The social network also implemented automatic sending of notices to the users' email address every time their account is accessed via a new device.
If their accounts do get hijacked, at least they will know immediately - that is, unless the email address they associated with the account was compromised first. Still, that is something LinkedIn has no control over.
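The flow described above (a one-time code demanded only on the first login from an unrecognised device, after which the device is trusted and a notice goes out to the account's email address) is easy to misread as a single check, so here is a small model of it. This is an added example and not LinkedIn's code; the device identifier, the five-minute code lifetime, the three-attempt limit and the simulated SMS/email delivery are all assumptions. Note what it does not do: a phishing page that relays the user's code in real time is still accepted, exactly as the article warns.

```python
"""Toy model of two-step verification on first login from a new device.
Constructed example; not LinkedIn's implementation."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 300    # assumption: a code is valid for five minutes
MAX_CODE_ATTEMPTS = 3     # assumption: a pending code dies after three wrong guesses


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    phone: str
    email: str
    trusted_devices: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # device_id -> [code, expiry, bad_attempts]
    notices: list = field(default_factory=list)   # simulated "new device" e-mails


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(username: str, password: str, phone: str, email: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(username, salt, hash_password(password, salt), phone, email)


def start_login(acct: Account, password: str, device_id: str, now: int, send_sms) -> str:
    """First factor. Returns 'ok' (trusted device), 'code_required' or 'denied'."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.password_hash):
        return "denied"
    if device_id in acct.trusted_devices:
        return "ok"                                # device seen before: no code needed
    code = f"{secrets.randbelow(10**6):06d}"       # six-digit SMS-style code
    acct.pending[device_id] = [code, now + CODE_TTL_SECONDS, 0]
    send_sms(acct.phone, code)                     # out-of-band delivery (simulated)
    return "code_required"


def finish_login(acct: Account, device_id: str, code: str, now: int) -> str:
    """Second factor. On success the device becomes trusted and a notice is recorded."""
    entry = acct.pending.get(device_id)
    if entry is None:
        return "denied"
    stored, expiry, attempts = entry
    if now > expiry or attempts >= MAX_CODE_ATTEMPTS:
        del acct.pending[device_id]                # stale or brute-forced code: start over
        return "denied"
    if not hmac.compare_digest(stored, code):      # constant-time comparison
        entry[2] += 1
        return "denied"
    del acct.pending[device_id]
    acct.trusted_devices.add(device_id)
    acct.notices.append(f"to {acct.email}: new device '{device_id}' signed in as {acct.username}")
    return "ok"


if __name__ == "__main__":
    outbox = []
    acct = create_account("alice", "correct horse battery", "+1-555-0100", "alice@example.com")
    print(start_login(acct, "correct horse battery", "laptop-1", 1000, lambda p, c: outbox.append(c)))
    print(finish_login(acct, "laptop-1", outbox[-1], 1010))
    print(acct.notices)
    print(start_login(acct, "correct horse battery", "laptop-1", 2000, lambda p, c: outbox.append(c)))
```

The device identifier would in practice be a long random cookie set on the browser, not anything the client can choose; and the notice is only useful if the mailbox it goes to is better protected than the account it warns about, which is the caveat the article ends on.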