Holiday shopping is in full swing this week as we enter the eighth day of the 12 Days of 2FA. Today we’ll look at how to enable two-factor authentication on Amazon to protect your financial information, shopping preferences, and purchases.
Amazon supports 2FA via both text messages and an authenticator app. Authenticator apps are generally more secure and avoid a lot of the downfalls of text messages. However, text messages are more practical if you do not use a smartphone. Consider your threat model and choose the best mode for you. Note, however, that Amazon requires a phone number to enable 2FA regardless of the method you choose.
Follow the steps below to enable 2FA on Amazon.
-
Click on “Accounts and Lists” in the upper right corner.
-
Scroll down to “Settings.” Under “Account Settings,” click “Login & Security Settings.”
-
Click “Edit” next to “Advanced Security Settings.”
-
This page explains a bit about how 2FA works on Amazon. Click “Get Started.”
-
Now you have a choice between using text messages or using an authenticator app. Consider your threat model and choose the best method for you.
-
If you want to use an authenticator app, select “Authenticator App.” Open your authenticator app on your mobile phone, scan the QR code, and enter your verification code.
-
Click “Verify code and continue.”
-
If you want to use text messages, select “Text message (SMS).” Enter a phone number at which you can receive text messages and click “Send.”
-
Shortly after you click, you should receive a text with a verification code. Enter it and click “Verify code and continue.”
-
Now you can add a backup 2FA method. If you chose to use an authenticator app as your primary method above, you can enter a phone number at which you can receive text messages and follow the steps to verify it. If you chose to use text messages as your primary method above, you can follow the steps to set up an authenticator app, or enter a backup phone number. Note that either way, a phone number is required to complete this step and set up 2FA.
-
Before you finish set-up, you’ll see two final notes from Amazon. First, note that some tablets and other mobile devices will not support a separate screen for 2FA. When that’s the case, you can “append” your verification code to the end of your password as shown.
Second, you can choose to skip 2FA on personal or “trusted” devices that you use regularly and keep in your personal possession. Because even trusted devices can be stolen or lost, we recommend that you do not check this option.
Back at your security settings, you can change your preferred and backup 2FA methods, and specify devices that will not require codes.
Stay tuned for more posts on two-factor authentication during the 12 Days of 2FA.