This past week Amazon sent an email notifying some of its users that their passwords had been reset. The company said there’s no reason to believe the Amazon accounts had been hijacked but decided to take this step of resetting passwords “out of an abundance of caution”, after discovering a list of email addresses and passwords that had been published online and suspecting that some of its users’ credentials were on that list, given that certain people use the same passwords for multiple services. One of the recommendations that Amazon gave its users was to turn on 2 factor authentication for Amazon.
Here’s the complete message that Amazon sent under the subject line “Your Amazon password has been changed”:
At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your Amazon.com account out of an abundance of caution.
You will need to reset your password when you return to the Amazon.com site. To reset your password, click “Your Account” at the top of any page on Amazon.com. On the Sign In page, click the “Forgot your password?” link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.
Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.
You can also enable Amazon’s Two-Step Verification, a feature that adds an extra layer of security to your account. In addition to entering your password, Two-Step Verification requires you to enter a unique security code during sign in. To learn more about Two-Step Verification, go to Amazon.com Help, go to Managing Your Account, and click More in Managing Your Account, and then click More under Account Settings.
Previously, Tech Geek and More had posted about turning on 2 factor authentication for several services (like Facebook, Twitter, iCloud, etc). The following information is for those who would like to turn on 2 factor authentication on their Amazon Account.
How To Turn On 2 Factor Authentication
- Log into your Amazon Account. Once logged in, click on Your Account, that is just under your name (on the top right), and then click on Your Account (again) from the drop menu.
- In the next window, under Need Support (toward the top right), click on Change Email or Password
- At this point, click Edit (toward the bottom) to the right of Advanced Security Settings.
- You will now be in the Advanced Security Settings page. On this page, click on Get Started button
Text Message (SMS) Steps
- You will now have a decision to make. You can either select to receive your authentication code via a text message or you can select using an Authenticator App. The following steps will be for those who want to use text message (Authenticator App Steps scroll down). If that’s the case all you will need to do is enter your phone number, and click send code. Once you receive the text code, enter it into the box (at the bottom) and select Verify code and continue.
- You will now set up a backup method. This is in case you can’t access your initial text message number. In this 2nd step, you should either set up a different phone number to receive text messages or a number you can receive calls from. NOTE: This CAN’T be the same number you used in step 1.
- Lastly in this step, Amazon informs you that on some devices (usually older tablets, you may run into an issue with 2 step authentication because the device wont be able to show the second screen that prompts for the security code. If you run into that issue, just log in by adding the security code that is sent to you to the end of the password. In this step, you also have an option of NOT using 2 factor authentication on devices you use often. If you want to limit not having to use 2 factor authentication on some devices, check the box on the bottom of the page.
This completes the Amazon 2 factor authentication using text messages.
Authenticator App Steps
For those who don’t want to bother with receiving a text message, you can use what is known as an Authenticator App. The advantage with the Authenticator App is that any device that you have the app installed and logged into can be used to authorize your log in. To get an Authenticator app visit the app store for your device. Do a search for Authenticator App. You will find a number of apps, the easiest ones to use are Google Authenticator and Microsoft Authenticator.
Once you have your Authenticator App installed, here are the steps you need to follow for your Amazon Account.
- To start, open your installed authenticator app, and scan the bar code on the page. On the app you will get a 6 digit code, enter that code on the box in the bottom of the page and click on Verify code and continue.
- In the next section, you will select and set up a back up way to access your account via 2 factor authentication. This screen will let you set up either a phone call or text message to authenticate.
- Lastly, just like in the text configuration, you will be prompted about issues logging in on some devices. Just remember if log in doesn’t work (usually on an older device), just add the code that is sent to you to the end of your password.
And that’s it. With that you should now have 2 factor authentication set up on your Amazon Account.