How to protect your Amazon account with two-factor authentication

Amazon quietly added two-factor authentication as a security option for account holders in recent weeks. Here's how to activate it.

It’s not clear when it happened, but Amazon recently added two-factor authentication as an login option for your Amazon account. This is a key security measure that's long overdue on a site that handles your credit card information.

For several years, we’ve encouraged you to add two-factor authentication to your accounts whenever possible, and Amazon is no different. When the new security option is active, signing in is a two-step process. First, you sign-in with your password as usual, then you’ll be required to enter a short code generated by a smartphone authenticator app or received in a text message.

The advantage is that if your password is compromised by a hacker they won’t be able to access your account without the short code—a much harder proposition.

If you want to add two-factor authentication to Amazon here’s how to do it.


Get started by going to your Amazon account dashboard.

Get started by signing in to your account, and then click on Your Account in the upper right-hand corner.


On the next page, scroll down to the Settings section and click on Change Account Settings.


This will take you to yet another page where you must click on the Edit for Advanced Security Settings.


Now we come to the start of the two-factor authentication process. Click the Get Started button you see on the page as pictured here.


Next, you’ll be asked if you want to receive your codes through an authenticator app or text message. For our purposes we’ll use the authenticator app option. Personally, I use Google’s Authenticator app on Android, but a third-party services such as Authy is also a good choice. Authy has the added bonus of saving your authenticator credentials in the cloud making them available on multiple devices.

Whatever authenticator app you decide to use, scan the barcode (it’s blacked out in the image above), enter the code the app generates for your Amazon account into the text entry box, and click Verify code and continue.


On the next page, you’ll be asked to enter a back-up phone number where you can receive either a text message or voice call to receive codes in the event you lose access to your authenticator app.

Once you’ve entered your phone number and selected to receive either a text message or voice call, you’ll receive a code as a test run, enter it into the text field, and then click Verify code and continue.


The final page just walks you through the process of using two-factor authenticationr. If you’re new to multi-factor login it’s a good idea to read over this page.

This page also has the option to not require sign-ins on your current device, which is selected by default. If you’d rather not use this option un-check the box that says Don’t require codes on this device.

Keep in mind that on a PC “this device” really means “this browser.” If you set-up two-factor authentication on Chrome and then move to Firefox you will have to use two-factor authentication to login on Mozilla’s browser. This will also happen if you delete your browser cookies on your current browser.

Once you’re ready click Got it. Turn on Two-Step Verification and you’re done.

[via Gizmodo]

Join the CSO newsletter!

Error: Please check your email address.

Tags amazon.compasswords

More about AdvancedClickGoogleMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place