LinkedIn verification badges: are they enough to stop account takeover?


(@nhi-mgmt-group)

TL;DR: LinkedIn-style verification badges can reduce impersonation, but they do not prove the person at login is still the verified user, and social media account takeover is reported to be up more than 1,000% according to the Identity Theft Resource Center. The real control gap is login-time assurance, not profile-time verification.

NHIMG editorial — based on content published by 1Kosmos: LinkedIn verification badges and the limits of identity assurance

By the numbers:

Questions worth separating out

Q: What breaks when a platform treats verification badges as enough security on their own?

A: A verification badge only proves that the account passed a proofing step at some point.

Q: Why do verified accounts still get compromised?

A: Verification is often done before or around account creation, while compromise happens later at login or during an active session.

Q: How should organisations handle identity proofing data?

A: They should collect only what is required, keep it for the shortest practical period, and preserve user control over access and reuse.

Practitioner guidance

  • Separate proofing from authentication policy: Treat identity verification at enrollment as one control and login assurance as another.
  • Reduce retained identity evidence: Minimise storage of government IDs and other proofing artefacts, and require explicit user consent for any transfer or reuse.
  • Bind trust to the active session: Use phishing-resistant authentication, device binding, and liveness checks where the account can affect brand reputation, sales, or high-value communication.
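
A sketch of the first and third points as an access decision, added here as an illustration and not taken from 1Kosmos or NHIMG. The authenticator labels, field names and the two-tier action model are assumptions; the sample sessions are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # require stronger authentication before proceeding
    DENY = "deny"


# Hypothetical labels for authenticators treated as phishing-resistant.
PHISHING_RESISTANT = {"passkey", "fido2_security_key"}


@dataclass(frozen=True)
class Account:
    identity_proofed: bool   # enrollment-time control (what the badge reflects)


@dataclass(frozen=True)
class Session:
    authenticator: str       # how this particular login was performed
    device_bound: bool       # credential tied to an enrolled device
    liveness_passed: bool    # live-presence check completed in this session


def decide(account: Account, session: Session, high_value: bool) -> Decision:
    """Evaluate proofing and login assurance as two separate inputs."""
    if not high_value:
        return Decision.ALLOW
    # Proofing is a precondition for high-value actions, never a substitute
    # for assurance about who is driving the current session.
    if not account.identity_proofed:
        return Decision.DENY
    strong_login = (session.authenticator in PHISHING_RESISTANT
                    and session.device_bound)
    if strong_login and session.liveness_passed:
        return Decision.ALLOW
    return Decision.STEP_UP


# Constructed sample: the same verified account under two different logins.
verified = Account(identity_proofed=True)
phished_login = Session("password_sms_otp", device_bound=False, liveness_passed=False)
bound_login = Session("passkey", device_bound=True, liveness_passed=True)

if __name__ == "__main__":
    print(decide(verified, phished_login, high_value=True))  # step-up required
    print(decide(verified, bound_login, high_value=True))    # allowed
```

The badge state is identical in both calls; only the session evidence changes the outcome.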

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • How the identity verification flow binds a scanned ID to authentication at login.
  • The privacy-preserving storage model for proofing artefacts and user-controlled data sharing.
  • The specific anti-spoofing checks, including liveness detection and device-level biometrics.
  • The NIST 800-63-3, FIDO, and iBeta-aligned assurance model behind the approach.

👉 Read 1Kosmos's analysis of LinkedIn verification and account takeover risk →
