As reported by multiple outlets, hackers were able to compromise the LinkedIn account of Mark Zuckerberg, the CEO of Facebook. They also broke into his Twitter and Pinterest accounts, likely using a password generator. It's an odd turn of events, since it hit such a nerve with users and security experts. Strangest of all is that many so-called "experts" called for people to change their passwords only, which is obviously not the best strategy anymore. LinkedIn was hacked a few years ago as well, and a recent report suggests as many as 117 million accounts were compromised.
If you follow the advice of the "experts" to only change your password, you might find yourself in a similar situation as Zuckerberg, especially if you maintain a few accounts online. I was hacked on Twitter once a few years ago and it is a disconcerting feeling. There's the initial shock and loss of control over something you use on a daily basis. When you decide to fight back (in my case, by convincing Twitter to restore my account), it should be a wake-up call to do something more than change your password and go back to pretending that you can't be hacked again.
Stop and think about this for a second. LinkedIn is quickly becoming the primary tool for business communication. People find jobs on LinkedIn, they post articles like this, they communicate via the messaging tools, they post in discussion groups. As social media becomes more and more important, you have to wonder why so many people take security so lightly. "It won't happen to me" is not a good strategy when you know it happens to everyone, even the CEO of the largest social media company ever.
The trick is to use two-factor authentication. For LinkedIn, hover over your picture on the upper-right of the page and select Privacy & Settings. Then click the Privacy tab. Scroll all the way down to Two-Step Verification and click Turn On. If you don't have a cell phone added to your account, you'll go through a process to add one. This involves receiving a code on your smartphone that you have to enter into a field at LinkedIn.com. Once you enter the code, go back to the Two-Step Verification option and enable it again. You'll receive another code you have to enter. That does the trick.
Now, you'll find that this entire process of verifying your login gets annoying after a while. On every computer you own, in every app, and every time you borrow a laptop, you will have to go through this step of typing a password, receiving a code on your phone and typing it in, although the verification is saved for each device. Yet, the two-step dance is important because it means your account is almost unhackable. (If someone steals your phone or hacks your phone somehow, there's still a danger.)
A little effort in security goes a long way, however. It gives you the peace of mind that your LinkedIn account (and any other login for other sites) is protected. It means if the database for those accounts is hacked and you lose your password, your account is still safe. The code changes for every login and only lasts for a while. Two-step verification is available for Facebook, Twitter, Gmail, Yahoo, and just about every other major online site in existence.
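The server side of the two-step flow described above, modeled in Python as an added example (not LinkedIn's or any site's actual code): a leaked password alone gets past step one but not step two, and each code works once and then expires. The class name, the 300-second lifetime and the sample password are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL_SECONDS = 300  # assumed lifetime; the article only says the code "lasts for a while"


class TwoStepLogin:
    """Hypothetical model of one account: password check, then a single-use, expiring code."""

    def __init__(self, password, now=time.time):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        self._pending = None  # (SHA-256 of the outstanding code, expiry time)
        self._now = now       # injectable clock so expiry can be exercised offline

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def start_login(self, password):
        # Step 1: check the password; on success issue a fresh random code for this login.
        if not hmac.compare_digest(self._kdf(password), self._pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (hashlib.sha256(code.encode()).digest(), self._now() + CODE_TTL_SECONDS)
        return code  # a real service sends this to the phone, never back to the browser

    def finish_login(self, code):
        # Step 2: any attempt consumes the outstanding code, so it can never be reused.
        if self._pending is None:
            return False
        digest, expires = self._pending
        self._pending = None
        ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), digest)
        return ok and self._now() <= expires


def demo():
    clock = [1_000.0]  # constructed fake clock
    acct = TwoStepLogin("correct horse", now=lambda: clock[0])  # constructed sample password
    results = {}
    code = acct.start_login("correct horse")            # someone holding only the leaked password
    wrong = f"{(int(code) + 1) % 10**6:06d}"            # has no phone, so submits some other value
    results["wrong_code"] = acct.finish_login(wrong)
    code = acct.start_login("correct horse")            # the owner, who receives the code
    results["owner"] = acct.finish_login(code)
    results["replay"] = acct.finish_login(code)         # same code a second time
    code = acct.start_login("correct horse")
    clock[0] += CODE_TTL_SECONDS + 1                    # wait past the lifetime
    results["expired"] = acct.finish_login(code)
    return results


if __name__ == "__main__":
    print(demo())
```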
Will you try it right now? Don't just change your password. Build a fortress around your online accounts. You can thank me later.