LinkedIn prompts users to take additional steps when it determines that the logon attempt is unusual. What activities does LinkedIn consider suspicious? This isn’t well documented, but here are a few possibilities.
According to LinkedIn, the service presents a security challenge when the user attempts to sign-in “from an unfamiliar location or device” or when the service detects “suspicious web activity.” In this case, the user might be emailed a verification link or presented with a CAPTCHA challenge.
The security challenge could come up when the user accesses LinkedIn from a new country. In this case, the person would see:
“This sign-in attempt seems unusual for you. As a security precaution, please check your email to verify this sign-in attempt.”
The email message will explain, “Someone just tried to sign in to your LinkedIn account from an unfamiliar location, so we want to make sure it’s really you.” The email will specify the IP address and the country where the attempt originated. The recipient will be advised to click a button to verify the sign-in attempt or click another link to change the password.
Watch out, scammers might misuse this text for phishing!
LinkedIn also presents the verification prompt after an extended absence according to one report on Twitter. Another sighting on Twitter suggests that LinkedIn might be checking for frequent login/logout actions from a single location, though specifics of this logic are a bit unclear.
To reduce the likelihood that the sign-in verification prompt will come up, LinkedIn recommends against signing out “each time you use LinkedIn during the day.” Strangely, the service also suggests that “you sign out at the end of each day.” (I doubt that’s very practical advice.)
It’s great to see that LinkedIn has been taking measures to strengthen its authentication practices!
Update: LinkedIn now offers two-factor authentication. For some thoughts on this feature, see my Google Plus post on this topic.
If this topic interests you, you will also like:
- Scams and Malicious Activities Using The LinkedIn Website
- Two-Step Verification for Apple ID Consistent With Authentication Trends
- Exploring Facebook’s New Social CAPTCHA Authentication