Naked Security

How to set up two-step verification on your Amazon account

Part two of our security series, showing you how to set up two-factor authentication on your favourite sites.

I admit I am not a fan of shopping, but if it has to be done, I vastly prefer to do it online. Nowadays the vast majority of my household purchases arrive in an Amazon box (apologies to my UPS delivery driver).

So if someone were to try and get their hands on my Amazon account, I shudder to think how much damage they could do to my credit. That’s why I made sure to enable Two-Factor Authentication (2FA) on my account – to make it a bit harder for a criminal to go on a shopping spree on my dime.

We’ve covered how to set up 2FA for Gmail earlier – now I’ll walk you through setting up 2FA on your Amazon account. It only takes a few minutes, and if you do a lot of shopping on Amazon, you should give it a try.

1) On a desktop computer, log in to your Amazon account as usual with your username and password. Keep your mobile phone handy for later steps.


2) Once logged in, click the Your Account menu item, at the top right near the Shopping Cart.


3) In the “Your Account” area, scroll down a bit until you see “Settings – Password, Prime & E-mail” and then click “Login & Security Settings,” which appears directly beneath “Account Settings.”


4) At the bottom of the “Change Account Settings” screen, click “Edit” next to “Advanced Security Settings.”


5) Now you’ll see an introductory screen telling you all about what Amazon calls “Two-Step Verification” – in other words, Two-Factor Authentication. Click “Get Started.”


6) Now Amazon gives you a choice in how you may want to receive your authentication code – Text message (SMS) or via an Authenticator app. For this step, I’m going to choose the Text Message option, but I will walk you through the Authenticator app in step 8.

To set up Text message authentication, enter your cell phone number and then hit “Send Code.”


7) Within a few moments, a text message should arrive on your phone, telling you what your Amazon security code is. Enter that code back on the Amazon screen, and hit “Verify code and continue.”


8) The next screen will prompt you to add a backup method to authenticate into your account, say if you no longer have access to your main phone or do not have cell service. You have the choice here between a text message, a voice call, or an Authenticator app.

An important thing to note here is that you can’t use the same phone number you did in step 6 for either the backup text OR voice call.  And since I only have one phone number, I will be using the Authenticator App.


To get an Authenticator app set up and connected to your Amazon account, here’s what you need to do:

  • Keep the Amazon window open on your desktop computer.
  • Open your phone’s app store – the Apple App Store or Google Play, for example.
  • Do a search for “Authenticator App”.
  • A number of options will come up – you’ll want to make sure you use an Authenticator from a reputable provider, like Amazon, Microsoft, or Google. I personally use and prefer the Google Authenticator, so that’s what I’ll demonstrate here for you.
  • Download the Authenticator app you’ve chosen (Google Authenticator in my case).
  • Open the app.
  • Tap the button in the app that allows you to add a new website. In the Google Authenticator, it’s the plus + button at the top right.
  • Tap “Scan barcode.”
  • Your phone’s camera will turn on and you’ll see a green box on your phone’s screen. Hold your phone up to your desktop computer window so your phone camera can scan the barcode shown on your Amazon account.
  • It takes just a second to scan, and you should shortly see an entry on your Authenticator that says Amazon, six digits, and the email address you use for your Amazon account.
  • Now, enter the six digit code shown on your Authenticator app back on your Amazon account screen, and hit “Verify and continue.”

9) Now that you’ve added a backup method, Amazon will show you one last screen about using 2FA on older devices (like an older Kindle) as well as disabling 2FA on computers you frequently use.


10) That’s it! Amazon will confirm that you’ve enabled 2FA on your account, and you are good to go.


You’ll also get an email from Amazon confirming this change to your account.


With 2FA set up you now have an extra layer of security on your account, and can shop a little bit safer. (2FA won’t save you from your own shopping spree of course, so be careful out there.) Will you be giving 2FA a try? Is there another service you use online that you’d like to see a 2FA guide for? Let us know in the comments.

22 Comments

What if you’re French? :) Unfortunately I don’t have the advanced security button on my French account, any idea if this will propagate to us any time soon?

Reply

Thank you all for noting that apparently 2FA is only enabled on Amazon US. That’s an oversight in my article above and I apologize that I hadn’t included it. I do hope that Amazon makes this security feature GLOBALLY available as soon as possible. Thankfully, several readers below have commented a possible workaround in the meantime if you’d like to enable 2FA for your account.

Reply

Yes, there is another service I would like to see explained: Sophos Home. Which is remotely controlling my Antivirus.

Wait… You don’t support 2FA.

Why on earth don’t you sit down with your own company and implement this? Anti Virus is a critical application!

Reply

You’ve spurred me on: I think I’ll do just that tomorrow. (The sitting down part, I mean. The implementation will probably take a little longer :-)

Can’t make any promises, but I’ve already passed on your comment.

In the meantime, go large on your password…that’s what I did.

Reply

My problem was that two people use my Amazon account, myself and my wife. We have separate phones, and we’re only likely to be near the other one’s phone a few hours a day. But, I couldn’t find a place to add extra phones to which it could send the text message(s).

Were you able to find a way around that?

Reply

It ought to be possible to share accounts using an authentication app.

When you get to step 8 in the instructions above, scan the same QR code using the authentication app on both your and your wife’s phones. You should find that the apps on both phones are generating identical codes.

One thing to be aware of is that if either of you tells Amazon that you have lost your phone, and you want to enrol a new one to use the authentication app, then Amazon will probably change the key material used for the app, so both phones will have to be enrolled again.

Reply

While I appreciate this article, saying you’re not a fan of shopping is just weird. Really? How do you come by your gadgets/software/other cool stuff? Osmosis? Maybe you should post an article on acquiring tech goodies by osmosis.

Reply

“Fan” is short for “fanatic” – means someone who really likes something. I’m not a fan of Association Football (too few goals), but I’ll probably watch the Euro 2016 final on TV by choice, and might even enjoy it.

Reply

I purchase the goodies/gadgets/cool stuff with gratitude for how they make my life easier, but I don’t enjoy the actual process of acquiring stuff, no. Some people do, and that’s okay by me too.
The moment I can order anything I want via replicator, believe me I’ll write plenty of articles about it :)

Reply

I am sorry to see a few too personal emails aimed at the author of this article, this is a security blog aimed at helping us become safer not a social media site where occasional hate messages are posted, are we not all adults? Be ashamed of yourselves. I am also from the UK and can confirm this does not appear on the UK settings yet, hopefully it will or maybe this should spur us all on to contact Amazon and get it put in place for all countries. I for one would like to thank the likes of Maria, Duck, Chet, John, Lisa and all the other Naked Security authors for their tireless efforts and enthusiasm for the subject, I am very proud of you all and Thank You.

Reply

You can use 2FA outside of the US (at least, I have enabled it in the UK). What you need to do is log in to amazon.com (the US site), rather than your local amazon.xxx. Then you will find the 2FA option described above. Once enabled on the US site it is also enabled on the UK site.

Reply

I just called Amazon Customer Service here in Canada about setting up 2FA and she asked me: what is two step verification?

Reply

Just visit amazon.com and log on, it will work, and then you can turn on two step. It works for the UK, because I use it.

Reply

I’ve just enabled this on Amazon UK, but when I signed out and then in, I wasn’t asked for any verification. Maybe it takes a while to be implemented?

Reply

What an over-complicated process thought up no doubt by someone who had a good lunch and was bored one afternoon at work. ‘Those whom the gods wish to destroy, they first send gobble-de-gook computer waffle’. Wouldn’t two passwords work just as well, dah!

Reply

I think the whole 2 method authentication is a PIA.
I don’t mind the 2nd method as much as the hoops you have to jump through.
We are a married couple – have one account and both need to access it. I should be able to send the authentication to whatever device is available. But there appears no way to do this. HOWEVER when I do need authorization I am given a choice of – getting a text (to a ground line) or sending the code to one of two devices – but there is no indication of what each option is or how to change it.

Reply
