How to Enable 2-Factor Authentication for Amazon.com Account?

I am a huge fan of two-factor authentication (also known as 2FA) for all online accounts because passwords aren’t really great security. Even the best, most complex password can be detected, particularly if you’re using someone else’s device, and then they’re in and have full access to your account! A great solution is biometrics – fingerprint, face print, etc – but that’s more than a bit unmanageable for individual online accounts. Instead, two factor.

The idea is simple: Accessing your account goes from something you know to something you know AND something you can access. The sequence is easy: You log in as normal with your login and password, then the site sends a secret one-time numeric sequence to your phone that you are prompted to also enter for access. Don’t have your phone? You can’t log in. Which is exactly what you want, because then someone nefarious hackerl33t at that questionable Internet Cafe can’t steal your account even though they stole your password.

Let’s get this set up before your next login! You’ll need both a computer and a phone that has texting capabilities.

HOW TO UPDATE AMAZON.COM ACCOUNT SECURITY

Start out by going to the Amazon.com Web site in a Web browser. Log in with your usual credentials. Now on the top right it’ll say “Hello <name>” and immediately below it say “Account & Lists”. Click on that and you’ll get to this screen:

From this point, click on the top middle option: Login & security.

Since it’s particularly sensitive, Amazon will prompt you to enter your account password again:

Once you’re signed in, you’ll see more information about what Amazon knows about you and how your account is currently set up:

You can change your password – not a bad thing to do after a long international trip, by the way! – update your email, add or change your registered mobile phone number, etc. But what we want to do is enable 2-step verification, done by clicking on the “Edit” button adjacent to “Two-Step Verification (2SV) Settings“. 2SV, 2FA, there are lots of names for this security solution!

ENABLE TWO-STEP VERIFICATION FOR AMAZON.COM

Now things are going to start getting more interesting. That “Edit” button will reveal this helpful information:

You can see the tutorial on the bottom. It’s in the wrong order, but still useful: You’ll sign in, then be prompted for your two-step verification code, then check your smartphone (or watch!) to get the code. Enter it carefully, it’s a 6-digit number, and you’re logged in and ready to shop!

To enable it, click on the yellow “Get Started” button.

It’ll prompt for your phone number. Remember, this needs to be a phone that 1. can receive sms text messages, and 2. is with you every time you want to log in to Amazon.com:

Note that you can also use an Authenticator App on your smartphone if you prefer not receiving text messages. Choose that at the very bottom of this window. Advantages? If you receive text messages on your computer, possession of the computer won’t let criminals into your account. Disadvantage? If you migrate phones, you can potentially lose access to your account. I recommend using the authenticator app as a backup method, as I’ll highlight a bit later in the process.

Okay, ready to proceed? Enter your phone number, then click “Continue“.

On the computer screen, it’ll change to a prompt for that secret code:

Meanwhile, on your phone, you’ll get a text message similar to this:

Note that Amazon sends you a different six-digit code every single time and it only works for about 5-10 minutes max. This means that it’s impossible for someone to guess your code: There are 10**6 or 1,000,000 possible codes!

The eagle-eyed among you will notice above that Amazon offers “Resend OTP” under the “Continue” button and identifies the code sent to you as your “Amazon OTP”. What’s an OTP? It’s one-time password and it’s yet another name for the two-factor authentication code. You’ll see “OTP” used throughout the Amazon site in this context. Confusing, I know.

Enter the six-digit code, click “Continue” and…

This screen’s important: If you have a legacy Amazon device like a Kindle, it can’t prompt for that OTP, so next time you go to log in, it will reject your correct password, preventing you from logging in. Don’t panic, though: It’ll send one of those one-time passwords to you via text message, then use it as your password or, as they suggest, append it to your existing password and try again. Logged in.

Of course, if you have no legacy Amazon devices, this is indeed a step you can skip.

Scroll to the bottom of this page.

That checkbox is something you’ll see frequently when using two-factor authentication with your Amazon account: “Don’t require OTP on this browser”. Assess for yourself: If it’s your home iMac and lives in the kitchen, maybe that’s trustworthy. But that dirty desktop PC you’re renting for 30 minutes at the sketch Internet Cafe near the cruise ship port of call? Definitely do NOT check this box. 🙂

Click “Got it. Turn on Two-Step Verification” and you’re done!

If you’re so inclined, here’s where you can set up an authenticator app like Google Authenticator, Authy, or Microsoft Authenticator (all apps you would install on your smartphone in advance) as a backup access method. It’s a smart idea, I recommend it.

That’s it. You’re now protected from people stealing your password and accessing your Amazon account, whether it’s a family member wanting to access your shopping history or a hacker wanting to order a shiny new laptop on your dime. Now, did you know you can set up this same two-factor authentication for your Google, Microsoft, eBay, PayPal, Twitter, and Facebook accounts too? Just search my site for “two-factor authentication” and you’ll find I have tutorial instructions for all of these popular sites!

Pro Tip: I’ve also been writing about Amazon, eBay, and other online commerce sites since the dawn of the Internet. Really. Please check out my Amazon online shopping help area for more tutorials and articles too!