Amazon is the most popular online shopping platform by far, which makes it a popular target for phishing attacks, scams, and attempts to access accounts using credentials from breaches.
To truly protect yourself we recommend using a strong password as well as two factor authentication. You can keep track of complex unique passwords quickly and easily using a password manager. That aside, here’s how to turn in two factor authentication on Amazon.
Save 81% on a VPN with SurfShark
Surfshark has dropped the price of its VPN to £1.94 a month. Head over to Surfshark now to pay a one time price of £46.44 for 24 months of Surfshark and save 81%.
- Surfshark
- 81% off
- £1.94 a month
You’ll need
- Your Amazon account login credentials
- Access to the email address associated with it
- An authenticator app for your smartphone
The Short Version
- Install an authenticator
- Open your Amazon security settings
- Confirm your identity
- Select your authentication type
- Enrol your authenticator
- Save your authenticator entry in the app
- First authentication
- Finalise it
Step
1Install an authenticator
If you don’t already have a preferred authenticator, download one – you’ll probably want to use a mobile phone for this, but other platforms are supported. Popular choices include Google Authenticator, Microsoft Authenticator, our personal favourite, Aegis Authenticator, which is open source, but only available for Android. I’ll be using Aegis on my Android phone in the screenshots for this tutorial, but the process of linking the app and generating a One-Time Password (OTP) is the same across all authenticators.
Step
2Open your Amazon security settings
Log in to your Amazon account. From the Account & Lists menu, select Your Account. Click Login & security, then select the Edit button in the Two-Step Verification (2SV) Settings section.
Step
3Confirm your identity
A notification will be sent to the email address associated with your Amazon account. Check your email for the approval message. Either click the “Please approve or deny” hyperlink or – to be extra sure you’re going to the right place – manually copy the supplied URL that you’ll find in the same message and paste it into your browser bar. Click Approve.
Step
4Select your authentication type
You’ll momentarily be taken to the Two-Step Verification (2SV) Settings page. Click Get Started. You should avoid using your phone number as a proxy for identity so, on the Enroll a 2SV authenticator page, select the Authenticator App radio button.
Step
5Enroll your authenticator
An accordion section will unfurl to reveal a QR code and some short instructions. On your phone, open your authenticator app. Add an account – this is usually done by tapping a plus sign on the main screen. Select Scan QR code and use your phone’s rear camera to scan the QR code displayed on Amazon’s authenticator enrolment page.
Step
6Save your authenticator entry in the app
On your phone, an entry for Amazon should be automatically created. Make sure it’s named clearly, then tap Save.
Step
7First authentication
You’ll be taken to the main screen of your authenticator, where your new entry should appear, with a six-digit code beneath it that changes every minute or so. Type that six-digit code into the Enter OTP box on Amazon’s site and click the Verify OTP and continue button next to it.
Step
8Finalise it
If successful, you’ll be taken to the Almost finished… page, where you you’re notified of Legacy Sign-in methods for devices that can’t display OTP pop-up prompts and the option of disabling 2FA for trusted browsers, including the one you’re using right now. Select the yellow “Got it, Turn on Two-Step Verification” button at the bottom of the page.
You’ll finally be taken to your Two-Step Verification (2SV) Settings, which can to access at any time in the future via Amazon’s Login & security page.
Troubleshooting
This is safe to do on a secure home PC – any connection to your account from a new browser will still require you to generate an OTP to confirm it, meaning stolen credentials cannot be used to connect to your account without your one-time password generator. However, if someone you don’t trust (or who won’t know better than to spend your money on Amazon) has access to your computer, you’ll definitely want to avoid disabling 2FA for that browser.
If you take more than five minutes over linking or approving your authenticator, you may have to start again. You’ll be prompted to re-enter your Amazon password and, with that done, you’ll be taken back to the Enroll a 2SV authenticator page.
Unfortunately, Amazon doesn’t support a wide range of backup authentication methods – your only option is to link a mobile phone or a second authenticator. You should do at least one of these, as you could be locked out of your account if you lose your primary authenticator. Mobile numbers are the worst form of two-factor authentication, but they’re better than nothing. However, I recommend using a backup authenticator – free password manager Bitwarden includes a built-in OTP generator that you can add by clicking Add new app under Preferred method and following the same steps you did earlier.
If you’ve remembered to set a backup 2FA method, this is its time to shine. Otherwise you’ll need to go through Amazon’s recovery process. This requires you to scan/photograph and submit an official government identity document, and can take a couple of days to be processed. For reasons of both time and privacy, I strongly recommend setting a backup authentication method.
While authenticator settings can generally be transferred between devices, you might want to turn off authentication just to be sure. Go to the Two-Step Verification (2SV) Settings page, click the Disable button, enter your OTP and confirm that you want to disable it.
Kaspersky Home Security
Keep your online activity safe and private across multiple devices – without compromising speed.
Check out Kaspersky’s new security plans from just £10.99 per year
- kaspersky
- Money back guarantee
- from £10.99
You might like…
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
