Protect your Amazon account with Two-Step Verification
Two-Step Verification is a popular method to improve the security of accounts by adding another verification step to the authentication process.
It blocks attackers from accessing the account with the password alone, as they need the second code as well for that once Two-Step Verification is enabled.
Companies like Google, Twitter or PayPal use two-factor authentication already, and Amazon is the latest to introduce the feature for Amazon accounts.
The feature is being rolled out in the United States as we speak which means that you need to enable it on the US site to make use of it.
It will work with regional Amazon sites afterwards as well though.
Note: You may not need to perform the first step to enable Two-Step verification. Skip it and go directly to Step 2 below instead to give it a try.
Caution: There seems to be no option to create passwords for devices that don't support Two-Step authentication. It is unclear right now how those are handled and if they continue to work after enabling Two-Step Verification.
First thing you need to do is add a mobile phone number to your account. This is best done on the local Amazon site and not Amazon.com unless you are from the United States.
The reason for this is that users are reporting currently that verification SMS are not reaching their phones when they are using the main Amazon site. It works for some though but it is better to use a local site for that as you won't run into this issue.
Step 1: Adding a mobile phone number to your Amazon account
- Open the local Amazon website in your browser of choice, e.g. https://www.amazon.com/.
- Select "Your Account" on the frontpage.
- Select "Change Account Settings" on the next page. You find the option under Settings on the page (third from top).
- Sign-in to your Amazon account if you have not done so already.
- Locate the "mobile Phone Number field" and select add or edit depending on what is being displayed there.
- Pick the right country code and enter your phone number afterwards.
- Click continue and wait for the message to arrive on your phone. You may resend it or edit the number if you made an error.
- Enter the code that you have received and submit it on the Amazon website to verify the mobile phone number.
Step 2: Turning on Two-Step Verification
Now that you have added a phone number to your Amazon account, you may enable Two-Step Verification for the account as well.
Note: Codes are either sent to the device through SMS or generated directly on the device using a compatible authenticator application.
- Visit the Amazon Account Settings page again (as described above).
- Select the edit button next to "Advanced Security Settings". This opens the wizard to enable two-step verification.
- Click Get Started on the next page.
- Select one of the two verification options.
- Method 1 requires a mobile phone. Enter it and click on the send code button to receive a verification code via SMS. Enter that code and click on the verify code button.
- Method 2 requires the use of an authenticator app like Google Authenticator or Authy.
- If you select Method 2, you still need to add a phone number as a backup method. This time however, you may select between SMS or voice call.
- Once that is out of the way, you are taken to the final step of the process. Amazon explains how Two-Step Verification works.
The process itself is similar to how authentication works on other online sites supporting Two-Step Verification:
- Sign in using your email address or phone number, and password in step one. This works on all Amazon sites.
- You receive a code via SMS or need to open the Authenticator app to see the current code.
- Enter the code in the second step.
- Optionally, enable "don't ask for codes on this device" to avoid having to enter codes on the device in the future.
Finally, click on the "got it. Turn on Two-Step Verification" button to enable the feature for your Amazon account.
Disable Two-Step Verification on Amazon
Disabling Two-Step Verification is a quick process.
- Open the Amazon Account Settings again and sign in if you have not done so already.
- Select the edit button next to "Advanced Security Settings".
- Scroll down on the page and click on "disable Two-Step Verification".
- Confirm that you want to disable Two-Step Verification.
Note: Once you have enabled Two-Step Verification on Amazon.com, options to manage the feature become available under Account Settings on regional Amazon sites as well.
I managed to enter my phone number on my local Amazon page without a hitch, but when I go to amazon.com to enable two-step verification, I get stuck on step 2: “Add backup method”.
I won’t allow me to use the same phone number as I did in step 1, because it is already “setup to receive codes”.
So I basically have to either install their app (no thanks) or get a second phone number.
I never had this issue when enabling 2-step on Google or Dropbox.
Is there a workaround for this nonsense?
Hm, I did not run into the issue. In fact, the mobile phone number was already filled out so that I only had to hit the send code button.
I had the exact same problem, I have NO other phone than a cell phone, and it’s a Windows phone, so not likely to support any Amazon app.
No available to me on U.K. site. But turned it on , on the U.S. site. Only doing it to give me more reflection time before buying latest “heart’s desire”
No available to me on U.K. site. But turned it on , on the U.S. site. Only doing it to give me more reflection time before buying latest “heart’s desire” —————-Wed 18th Nov 2015,[email protected] 16 : 16 hrs
I wonder if two-factor auth breaks camelcamelcamel.com and Amazon TV Apps.
Amazon is failing to send me SMS msg. I’m in USA with Verizon.
So can’t test it.
Hope it does not break my Samsung TV App and Camel3.
Well my Google Voice number got the SMS within a second on first try, so who knows. Bad Verizon, bad!
But it won’t take my Verizon as backup. And it keeps saying Authy code is wrong, even though I setup correctly.
Bad Amazon! Clearly you did not test well enough, bad Amazon!!
Finally, got the codes. POS!
Anyways..
Camel3 is still working. :)
Amazon Instant Video on my TV is working and oh my it has been upgraded as well. New design completely. Sweet!
Don’t see anyone talking about it either. Samsung TV.
Only the main front page has changed. That is, TV Series and movie listing pages are the same. It’s just the “home page” has been completely redesigned.
Thanks for the info. I put Authy on my cell and added it on a pc as a chrome app. Then I started with Amazon. The barcode read part of the setup was a little awkward but I managed to figure it out. I have Authy set up with Amazon now with a backup sms to my cell phone. A simple test worked smoothly, much easier than the setup. I plan to put paypal and other accounts on 2 step. I’m pretty sure I can get it ‘family approved’.
Something weird going on with Amazon. Yesterday I tried to get an app from their app store for my Fire and it said they could not sell it to me because I was not in an approved Country. Wow, they are blocking the US, who would have thought it? I guess they know what they are doing.
Emailed CS and they told me to use a different CC (it’s an Amazon one) and then gave me a link to my music content. What?
I’m heading for jet.com and newegg.com in the future.
WARNING WARNING
In agreeing to give Amazon your mobile number, you are also giving them approval to send marketing information to your device (part of the fine print).
I discovered this when my attempt to add my number to my .ca account failed (not receiving the sms) and was talking to customer service. The lady asked me if I understood that by adding it, I also was agreeing to the receipt of amazon marketing to my phone. I informed her that it was because of the two-step verification process which she then informed me would not work on my .ca account (at the moment anyhow), and that the two came in a bundle – marketing and two-step; you don’t get one without the other.
Google Voice numbers work for this (both as the primary and the backup)–and as a bonus, can be used to filter out spam should Amazon start spamming the number(s).
DO NOT give out your phone number. You are exchanging privacy for the illusion of more security. It allows them to track your mobile device. When you go into retail stores they will identify your mobile and sell as much information about you as they can collect to third parties.
how to implement to my web site