Amazon Has Been Using Two-Factor Verification Since At Least July
Amazon has gone public with a new security measure this week.
Engadget reports that Amazon is now offering the option of two-factor authorization:
Relying solely on passwords to secure important accounts may be outdated, but until they’re gone for good your best alternative is locking things down with two-factor authentication: Amazon. Considering you probably already have a credit card or other payment info stored there, it just makes sense to add an extra layer of security that makes sure it’s really you logging in. The only problem? Until recently Amazon didn’t have any option to support the feature, but now it does. I noticed the new option while updating my password last night (also a good security idea), and one of the engineers told me it launched a couple of weeks ago after a private beta.
For those not familiar with the term, two-factor authentication is a type of security measure where you first log in with your password and username, and then type in a security code which is usually sent to you by email or SMS (Paypal used to give out keyfobs which would generate a code you could enter).
You can find out more at Amazon.
It’s worth looking into, because chances are we’re going to see this with the Kindle apps at some point (as well as Amazon’s other apps). I know this because I’ve already encountered two-factor authorization while registering a Kindle app.
In early July I was doing some housekeeping with my Kindle account. After deregistering nearly all the dozens of Kindle apps in my account, I opened the Kindle4PC app and tried to register it.
I was unable to do so, and the app did not explain why. It was only after I opened Gmail so I could go complain to Amazon that I realized Amazon had already sent me this email:
Given that the app didn’t inform me that I had to jump through an additional hoop, and that I had not signed up for the increased security, I was terribly surprised to see the email.
And I bet I won’t be the last to get this rude shock.
So if you have an inexplicable inability to log in to your Kindle app, this could be the reason why.
Purple lady November 19, 2015 um 5:59 pm
So you need Two-Factor Verification to read your book, but not even a password to pay for a book? I hate having to use a password to make sure I wasn’t overcharged for a book. I need to make sure my credits were used for a purchase since Amazon refuses to tell me what my actual purchase cost is beforehand.
Michael November 19, 2015 um 6:11 pm
Ran into that last week when checking out a used Kindle DX I scored from Goodwill. It told me my password was incorrect, and after re-entering it a few times I was warned I’d be locked out if I typed the wrong one again. Hopped on my computer to check if someone had hijacked my Amazon account, then found an e-mail from Amazon with a single-use token I’d need to enter on the Kindle within 10 minutes. Worked fine after I put in the code.
I suppose resellers of used Kindles will need to start warning customers to expect this.
Nate Hoffelder November 19, 2015 um 6:26 pm
Thanks for the confirmation, Michael. Isn’t it frustrating that Amazon provides so little info when they surprise you with the need for the code?
Michael November 19, 2015 um 6:45 pm
Definitely is frustrating. They really ought to be retrieving error / status messages from the server rather than hardcoding in an invalid password message. Granted, the DX is pretty old, so maybe devices with the latest firmware provide a more useful response, but your experience with Kindle4PC, which would have been trivial for them to bring up to date compared to the Kindle devices, makes me doubt that.
R November 19, 2015 um 11:06 pm
@Purple lady. If you don’t buy things often on Amazon, I suggest deleting you credit card info afterwards, so that it is safer. I always deleted my credit card info after I buy something online. It is not safe to save it there.
Ingo Lembcke November 20, 2015 um 6:51 am
How does it happen, that Amazon does not tell you beforehand, how much you pay for an ebook?
You check your credit in your gift account, and if it is less than the book price, you know you have to calculate the difference, granted it is work, but you could check before buying, not after.
And regarding " I always deleted my credit card info after I buy something online. It is not safe to save it there."
They already have your credit-card, so it is unsafe anywhichway …
If someone gets your login-credentials for Amazon, the credit-card-info is not displayed in a way it can be stolen without more info from elsewhere, the number is not displayed in its entire sequence and the safety-numer (2 or 3 digit at the back of the card) is not displayed at all, so the risk is minimized.
If there are other ways to break into the account, the credit-card-number is stored somewhere for the payment you just made, so the added safety by deleting it is slim at best.
The risk entering the credit-card-info and your computer or the internet-connection being highjacked could be greater, in my opinion. YMMV
Purple lady November 20, 2015 um 10:53 am
I frequently buy stuff from Amazon so deleting my CC is not an option.
Amazon doesn’t tell you your cost before you pay because digital credits don’t work on all books so you need to view your order after payment to see how much you were charged. Also if the price has changed between the time you brought the web page up and the time you hit the buy button, you won’t know unless you view your order.
Purple lady November 20, 2015 um 10:55 am
And you need to enter your password to see how much you paid, but can’t use a password to pay. That’s ridiculous.