Thursday, November 19, 2015

Amazon Adds Two Factor Authentication

Here's a big deal in the security arena involving Amazon. If you've never heard of two-factor authentication, it basically means using a password AND some other means to log in to a site. For the longest time, Amazon only required you to know your password to log in. Without much fanfare, they seem to have introduced a two-step verification feature to their site, where the second factor is getting a PIN code on your mobile.

To enable the feature, click on the Change Account Settings link found under Your Account. From there, click on Advanced Security Settings to manage how and when you receive the security codes. From Amazon's site, they say:

When you enable Two-Step Verification, you will need your mobile phone as well as your password to sign in to your account. After entering your password, you'll need to provide a security code which will come from your phone (either through SMS or an authenticator app). This means that no one can access your account if your password alone is compromised.

You'll be prompted for your mobile phone number, though you can also use an Authenticator app for when you have no mobile signal. They'll also prompt you for a backup, which could be another mobile phone, via a voice call, or again via an Authenticator app. I can see why this isn't broadly announced just yet as the QR Code to download the app is bad and I had to find an Authenticator app separately in the app store. If you use an Authenticator app

So, be sure you'll have your mobile with you if and when you ever want to sign in to the site. The whole process once enabled looks like the following when you want to sign in:
The whole process sounds more complicated than it is, but it will make your account more secure in the long run. Once a device has passed two-step verification, you can set it so you're never prompted for the second step again from that device. That works great for a personal computer, but it is something you'll never want to enable from a public terminal.


  1. I suppose this is good, but I don't have a mobile phone. I am, however, thinking about it; if you know of any good phones, let me know.