0

A LinkedIn blog post about the recent password dump says:

We take the safety and security of our members' accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.

What is the "email challenges" security tool that they mention? I couldn't find anything relevant by searching their website.

Mr. Bultitude

1 Answer

2

It's basically a variation on two-factor authentication that checks whether the user has access to their registered email address by emailing them a link containing a token. It works on the assumption that an attacker who has gained access to a LinkedIn account might not have gained access to the user's email inbox.

See here. Extract below.

LinkedIn prompts users to take additional steps when it determines that the logon attempt is unusual. ... the service presents a security challenge when the user attempts to sign-in “from an unfamiliar location or device” or when the service detects “suspicious web activity.” In this case, the user might be emailed a verification link ... The security challenge could come up when the user accesses LinkedIn from a new country. In this case, the person would see:

“This sign-in attempt seems unusual for you. As a security precaution, please check your email to verify this sign-in attempt.”

SilverlightFox
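The flow described in the answer above, sketched server-side as an added example (not LinkedIn's code and not part of the original answer): a sign-in from an unfamiliar country or device triggers a challenge, and the emailed link carries a random single-use token. The function and class names, the 15-minute lifetime, and the binding of the token to the browser that started the sign-in are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not a documented LinkedIn value


def needs_challenge(known_countries, known_devices, country, device_id):
    """Step up when the sign-in comes from an unfamiliar location or device."""
    return country not in known_countries or device_id not in known_devices


class EmailChallengeStore:
    """Issues and redeems emailed verification tokens (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (account, attempt_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account, attempt_id):
        """Return the token to embed in the link mailed to the registered address."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (
            account, attempt_id, self._now() + TOKEN_TTL)
        return token

    def verify(self, token, attempt_id):
        """Return the account if the challenge passes, otherwise None."""
        # pop() makes the token single-use: any presentation burns it.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        account, bound_attempt, expires_at = record
        if self._now() > expires_at:
            return None
        # The link must be opened in the browser that started the sign-in, so a
        # link clicked by the real user cannot approve someone else's attempt.
        if not hmac.compare_digest(bound_attempt.encode(), attempt_id.encode()):
            return None
        return account
```
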