Jack Wallen/ZDNETLast week I woke up to find a litany of emails from LinkedIn alerting me to shenanigans. There were password reset emails, pin codes, and even a message that 2FA had been turned on.What? I already had 2FA turned on and never turned it off. Also: Did you get a fake invoice from McAfee? How the scam works and 2 things you should never doI wondered if the AT&T breach could have been the cause of this situation because the timing was too suspect to ignore, but whatever caused it, I could no longer access my account.I don’t actively use LinkedIn because I’m not actively seeking work and I don’t speak fluent business. However, when new clients are looking to add me to their roster of writers, that’s where they find me. So… it’s still an important account for me. But that’s not the reason why I was so adamant about getting my account restored. Even though I don’t post on LinkedIn, a lot of my clients do post my work and tag me. Imagine if a hacker were to get access to my account and then trash my reputation by posting a barrage of terrible, horrible, no good, very bad things. We live in an era where that’s very much a concern (or should be) and anyone who gets an account hacked (even a Facebook or X account) should act to recover it immediately… otherwise the risk of falling victim to such reputation-ruining havoc could be disastrous.Also: The best VPN services of 2024: Expert tested and reviewedLet me make a quick public service announcement before I continue.This is the very reason why it’s imperative that you start using a password manager to not only keep your passwords secure within encrypted vaults but to also start using passwords that are very strong and unique. It’s time to do away with password123 and start using things like Ur*t23xVj&_2112. On top of that, any time you can enable multi-factor authentication (or passkeys), do it. Even though nothing is perfect, the more security you can add to your accounts the better. My suggestion would be to always use passkeys (when more sites start making them available) because that’s your strongest option.And now, back to our regularly scheduled programming.LinkedIn.When I realized the password reset wasn’t going to work (because the culprit had re-enabled 2FA after they’d changed my password), I had no choice but to go through the process of reclaiming my account.Also: The best LastPass alternatives of 2024When I started this process, I received an email from a third party called Persona. Given my usual suspicion of third-party services, I was hesitant to click on any link until I was absolutely certain it was legit. I went so far as to reach out to a contact I had with LinkedIn to ensure Persona was its account recovery service.Lo and behold, it was.Using the service required my phone because I had to take a photo of my driver’s license (which was why I was so hesitant to use the service in the first place). After clicking the link on my phone, it opened my camera app and guided me through snapping a photo of the front and back of my license. Unlike some reports of Persona, I did not have to take a selfie to prove the person in the driver’s license photo was the person attempting to recover the account (some services do require this). More
