The Mac Security Blog

How To

Protect Your Amazon Account with Two-Step Verification

Posted on by

Amazon Two-Step Verification

Amazon has recently added two-step verification to its website. This means that you can protect your account with an additional layer of security.

If you use two-step verification when you sign into your Amazon account, you’ll enter your email address and your password, and then you’ll be required to enter a six-digit code that will be sent to you by SMS. (For a brief overview how two-step verification works, read this article about setting up two-step verification for iCloud.)

You don’t have to use this method of securing your account, but it’s a good idea if you do. Two-step verification prevents others from accessing your account on other devices.

The following describes how to activate Amazon’s two-step verification.

How to turn on Amazon’s two-step verification

Go to your account page on Amazon, and then in the Settings section, click Change Account Settings.

change-account-settings

Sign into your account, and then in the Advanced Security Settings section, click “Edit.”

advanced-security-settings

On the next screen, choose how you want Amazon to send you verification codes. Amazon lets you choose from any phone numbers linked to your account. If you don’t see the phone number you want to use, you’ll need to add it to your account.

phone-number

Click “Send Code,” and then, when you receive the code on your phone, enter it in the text field and click the “Verify code and continue” button.

You can also choose to use an authenticator app. This is an app that can receive codes securely, which is useful if you need to get codes on more than one device, such as an iPad that cannot receive text messages. One such app is the free Authy, which you can use with Amazon, but also with Google, Dropbox, Facebook, and other sites. Authy also has an Apple Watch app, which can make it even easier to receive codes.

With an authenticator app, you scan a QR code, and the app connects with the website to verify itself. It then displays a six-digit code, which you have to enter in a limited amount of time. When the time runs out, it generates a new code.

Once you’ve set up your primary contact method, Amazon asks you to set up a backup, in case you lose your phone. This could be a text message to another phone, a voice call to a landline, or an authenticator app. So while your primary method may be your phone, choose the best method as a backup. If you don’t have a landline, you should use the authenticator app. However, if you have only one iOS device, and lose it, then you won’t be able to get the code. So you might want to add the phone number of your spouse, partner, or a friend you can trust.

After you’ve completed the process, Amazon displays a page explaining how this all works, and asks you to confirm that you really want to turn on two-step verification.

how-to-use Amazon two-step verification

Read this carefully to make sure you understand the process. At the bottom of the page, you can choose “Don’t require codes on this device.” If you do that, you’ll be trusting the device you’re using, and you won’t need to enter any codes in the future. You’ll have to do this on each device you log in on, but once you’ve trusted them, you won’t be bothered again. If you share your computer, you might not want to check this option; after all, two-step verification is designed to prevent others from accessing your account on other devices. Note that a “device” is not just a computer, but a specific browser on a computer. So if you use more than one browser, you’ll need to trust each one separately.

Now that you’ve successfully turned on two-step verification, you’ll see a page confirming your primary and backup methods for receiving codes. Check this carefully.

two-step verification turned on confirmation

You can add another backup method here if you wish, and you can also un-trust all your devices (which, at this point, should just be the current one). Click “Require codes on all devices” to do this.

Finally, if you’re not sure you really want to go this route, click “Disable Two-Step Verification” at the bottom of the page.

If you ever want to make changes to your two-step verification settings, you can do so from your account’s Advanced Security Settings section. For example, if you change your phone number, you should turn off two-step verification temporarily, or make sure your backup method is available, so you can enter the new phone number. Note that if you have Amazon accounts using the same email address in more than one country, turning on two-step verification applies these settings to your account in each country.

Two-step verification is the best way to secure your Amazon account. It’s a bit of a hassle at first, but once you’ve set it up you’ll have more peace of mind.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →