Question: enabling LinkedIn 2FA with authenticator app - algorithm? Interval? Type? (sorry, off-topic)

Hi all,

Sorry for being so much off-topic, but I was hoping that someone here uses LinkedIn with a 2FA authenticator app and might help me quickly.

It seems that LinkedIn no longer provides QR codes for enabling the 2FA authenticator apps. Now, they only provide the secret and account name without further information.

However, the QR code also included more information beyond the secret, which all together is necessary to create the 6 digit OTP.

The informally established default constellation of choices from the IETF standards are totp-sha256-30seconds, which is also used by default by my FreeOTP. However, it seems not to be the default of LinkedIn, since it fails to generate working OTPs.

Does anyone use LinkedIn 2FA with authenticator app and can let me know which “interval” (15, 30, 60, 120, 300 seconds), “algorithm” (sha1, sha224, sha256, sha384, sha512) and “type” (totp, hotp - I am quite sure it’s totp, so “type” ain’t so important) this service uses?

Alternatively, since LinkedIn always presumes the Microsoft Authenticator, does anyone know the defaults of that authenticator? LinkedIn makes clear any authenticator app can be used, so it seems to implement the IETF standards, but the question is which choices/constellations of the standards they have chosen :frowning:

In case you can let me know the algorithm, interval and type (these are public information shared among all users of this service), please make sure NOT to post your secret here!

Don’t invest much time, but if someone has their authenticator app ready and can have a quick look, it would be very appreciated :slight_smile:

Testing would take too much time, since LinkedIn creates a new secret with each attempt (which is generally a good practice), and I thus have to enter it manually each time in FreeOTP and then try again with all the many constellations :open_mouth:

Sorry for being off-topic :wink:

I only tried logging in to the web app, not the mobile app. After I toggled off 2FA and back on, I saw a QR code on the LinkedIn web app and scanned it using FreeOTP. However, the 2FA settings on LinkedIn and FreeOTP do not show detailed settings.

1 Like

Interesting. I also use the web app. But in my case, I do not get a QR code but only the secret, which by itself is not sufficient, and since the FreeOTP defaults ain’t the properties used by LinkedIn, the remaining possibilities of properties I would need to test would take too long (I tested it twice … entering each time the newly-created secret manually :frowning: ). I think I will try sha1 once tomorrow, since this is also still widespread. But I’m wondering about the web app output.

This is how it looks on my side when using the web app:

I just saw you also wrote on Matrix :smiley: We might exchange there, to avoid the off-topic here :smiling_face: Thanks for your support btw!

I thought this was the water cooler :thinking: :bangbang: :+1:t5:

I’ll try it with my KeePassXC since I use it for OTP now.

1 Like

Well, it’s the water cooler & off-topic, but these usually still have a relation to Fedora :smile: or, well, yeah, I run LinkedIn in Fedora’s browser :thinking: I guess I take that justification :sunglasses:

At this time I am more curious than I want to solve the problem. LinkedIn seems to take for granted that defaults of Microsoft Authenticator (and “any other authentication app”) fit their 2FA settings. FreeOTP obviously doesn’t. It will be interesting if KeePassXC uses “suitable” defaults of the IETF standard. Btw, I wasn’t aware that KeePassXC provides OTP functionality.

Supplement: Hank told me he gets a QR code at LinkedIn when using it with the browser. I don’t (obviously as seen above). Just in case you will try to enable this 2FA on LinkedIn: how about you?

It is strange that both Hank and I use Firefox (I already tried with uBlock and all apps disabled and Firefox set to standard security settings). As far as it concerns me, it is Fedora’s Firefox build I use, which uses slightly more restrictive policies than the default from Mozilla (the only explanation I have so far). Alternatively, it could be some setting set in LinkedIn :thinking:

But it remains an interesting case xD
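
Added example, not part of any post in this thread: a Python sketch of TOTP as specified in RFC 6238 that takes one manually entered secret and computes the code for every “algorithm” and “interval” combination listed in the question, so a single secret entry covers all constellations. The function names, the 6-digit length and the sample secret (the RFC 6238 test key, constructed here) are assumptions; nothing in it states which parameters LinkedIn uses.

```python
import base64
import hashlib
import hmac
import struct
import time

# The candidate values listed in the question.
ALGORITHMS = ("sha1", "sha224", "sha256", "sha384", "sha512")
INTERVALS = (15, 30, 60, 120, 300)


def decode_secret(secret_b32):
    """Decode a base32 secret as typed by hand: spaces, lowercase, no padding."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped '=' padding
    return base64.b32decode(cleaned)


def totp(key, when, interval=30, algorithm="sha1", digits=6):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed intervals."""
    counter = int(when) // interval
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def candidates(secret_b32, when=None):
    """Map every (algorithm, interval) pair to the code it yields at `when`."""
    when = time.time() if when is None else when
    key = decode_secret(secret_b32)
    return {(alg, step): totp(key, when, step, alg)
            for alg in ALGORITHMS for step in INTERVALS}


if __name__ == "__main__":
    # Constructed sample: base32 of the RFC 6238 test key, not an account secret.
    sample = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"
    for (alg, step), code in candidates(sample).items():
        print(f"totp-{alg}-{step}seconds  {code}")
```

Run it locally with the secret shown on the setup page; the combination whose code the service accepts is the one to configure in the authenticator app.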