One of the internet’s biggest online stores, Amazon, appears to have finally started giving its users an additional way to protect their accounts.
According to The Verge, some Amazon users can now enable two-step authentication, providing an additional level of security over accounts.
The big advantage, of course, of enabling such a technology is that the verification code changes – meaning that even if a hacker manages to steal your Amazon password, they won’t be able to do anything with the account unless they also the latest verification code.
To enable the feature, log into your Amazon account, click on “Your Account” in the top right hand menu, and choose “Your Account”.
Now if you scroll down the page, you should find the Settings section, containing the option to Choose Account Settings, and then Advanced Security Settings.
After you click on that, Amazon leads you through the process of setting up two-step authentication, with users having the option of receiving an SMS text message containing a verification code or using an app such as Google Authenticator on their smartphone.
Unfortunately, when I tried to enable 2FA on my own Amazon account I was unable to find the necessary setting on Amazon.co.uk, so I have to assume that the company is staggering its roll-out, perhaps limiting the feature to certain territories at this point of time.
Although two-factor authentication may have been a long time coming for Amazon users, we shouldn’t begrudge its late arrival. At least it’s here now (or will, we trust, be available for users outside the United States shortly).
There is no doubt in my mind that technologies like two-factor authentication, whilst not perfect, can dramatically reduce the chances of users having their accounts compromised, and protect online shoppers from some of the phishing threats which are out there.
So, if you can, enable Amazon’s two-factor authentication today.
At the same time, why not take the opportunity to review whether you have chosen a strong, unique password for your Amazon account in the first place. If you’re still using the same dumb password that seemed cutesy to you in 2008, and that you went on to use on umpteen other sites – now is definitely the time to think again.
In order to discover whether your favourite websites have implemented two-factor authentication or not, visit twofactorauthor.org.
Hi Graham,
I’ve been waiting for this for some time! While Amazon have had 2FA on AWS for some time, it’s great news that they’ve finally enabled it on their shopping accounts too.
Like you, I was not initially able to find the 2FA settings on my amazon.co.uk account, but once I’d enabled it on my amazon.com, I found that it was also enabled on my UK account, and the setting is now there and visible on both.
I remember many (10 or more?) years ago that the .com and .co.uk accounts were separate, but I believe the account details/settings have been merged/linked for some time.
Cheers,
Rob.
Sadly this doesn’t yet seem available for me.
I think this is crazy – Amazon needed to have done this a lot sooner for ALL users that wanted the option.
Sean Durrant
I found that if I logged into the .co.uk site it had no advanced option. If I logged into .com, with my details from .co.uk,
1) I got the advanced settings
2) I could register the auth app (google auth app in my case)
3) it is now visible when I log into .co.uk.
Thanks Graham, I was literally just wondering why major online retailers seem reluctant to adopt 2FA (nerdy thoughts)
Thanks Graham, unfortunately I’m not one of the users Amazon has rolled this out to (yet). No ‘Advanced Security Settings’ as an option in my Change Account Settings.
Regards
Nick
You can enable it simply by going to amazon.com instead of amazon.co.uk – it’s the US site. Log in via that and then enable two-factor and it’ll work on the rest of Amazon sites including .co.uk.
Hope that helps!
I’ve enabled it on amazon.com and can now find an option for amazon.co.uk via:
Account Settings
Change Name, E-mail Address, or Password
Advanced Security Settings
However, now it’s enabled, it does not ask for the 2fa at login! I’ve tried 3 machines on both websites…
I wish that Amazon would have provided an option to use Yubikey’s FIDO U2F key. This is a more attractive 2FA to many people than SMS. Since Amazon carries the Yubikey products in its shop, it could have run an attractive promotion for the key – as Github did last month..
No such option for me on amazon.co.uk
Does this article now required a warning?
“So, if you can, enable Amazon’s two-factor authentication today” may be a dangerous suggestion, based on news that you have published since, relating to the potential back-door that might have been uncovered.