Enabling the feature requires going to the Your Account page and clicking Change Account Settings. From there, you can follow the instructions under Advanced Security Settings to setup two-factor authentication (2FA).
News of Amazon’s roll-out of enhanced security options broke yesterday when Engadget reached out to Amazon after noticing the settings in the control panel. The company said it quietly added support a couple of weeks ago, in time for the November shopping season.
With 2FA enabled, logging in takes a little more effort than before but your account is better protected against attackers. Each time you login, for example after signing out or on a new device, you’ll have to use the Amazon app on your phone to generate an access code, or wait for one to arrive via text message, after you have entered your email address and password. You then enter the code and are granted access.
The feature prevents hackers from logging into your account using stolen details. If the site is hacked and email addresses and passwords taken, your account should be safe. Even with your password, the attackers can’t login without the unique code sent to your phone each time they try. Likewise, there’s no need to worry if somebody watches you type in your password while out in public.
Two-factor authentication can make the login process less simple but security experts tend to unanimously recommend it is enabled where possible. The technique should still be combined with other common-sense measures such as a distinct, secure password for each service.
The list of websites that support 2FA is growing and now includes most major companies and online retailers. Amazon has made do without for longer than many people would have liked.
The company now supports it in full, offering to deliver codes via authenticator apps like Authy and Google Authenticator or just with a simple SMS. You can also set up ways of restoring access should you lose access to your phone. Once you’ve signed in, devices can be marked as trusted so you don’t need to use a code when logging in again in the future.
The busiest shopping period of the year is just around the corner, bringing it with added incentive for cyber-criminals looking to attack accounts. Amazon’s implementation of two-factor authentication couldn’t come at a better time and users would be well-advised to set it up as soon as they can, provided they can adapt to the two-stage login system.