amazon logo

Two-Factor Authentication (2FA) is a great security tool, and we always recommend it. Most apps make it pretty easy to turn on 2FA, and Amazon is no exception. Here’s how to enable it and make yourself safer.

You’ll need to be logged in to your Amazon account, either on the Amazon website or in the Amazon app in your phone. Once you’re logged in, go to Your Account > Login & security and click the Edit button next to “Advanced Security Settings.”

The "Advanced Security Settings" edit button

At the top of the page, next to the “Two-Step Verification” title, click “Get Started.” (And yes, Amazon calls it two-step verification instead of two-factor authentication, but it’s the same thing.)

The "Two-Step Verification" Get Started button

Now you get to choose how you want to receive your 2FA codes. We recommend using an authenticator app, which is the process we’re going to show here, but you can use SMS if you prefer as it’s better than not using 2FA at all.

The QR code, and the MFA code text box

The first step in the process is to install your authenticator app, which we’ll assume you’ve done already. The second step is to open your authenticator app and add an account:

  • If you’re using the Amazon website: Hold your phone camera up to the QR code displayed by Amazon, and follow the instructions in your app.
  • If you’re using the Amazon app on your phone: Copy the long code that’s displayed and add it manually to your authenticator app.

Finally, type the code generated by your authenticator app into the “Enter OTP” text box on the Amazon page and then click “Verify code and continue.”

If you’re using the Amazon app on your phone, the process is now complete.

If you’re logged into the Amazon website, the next stage gives you information about how to use 2FA if you’re on a device that can’t display a second screen. There’s no information about what devices these are, but the images suggest earlier versions of the Kindle. In our tests using Kindles up to five years old, there was no 2FA prompt at all, so there may be no issue here. But we still recommend you check all your devices that use your Amazon account to make sure you can access your account as expected.

On the same page, you can also tell Amazon that your current browser doesn’t require a 2FA check by switching on the “Don’t require codes on this browser” checkbox. You should only do this if you’re on your own computer, not on someone else’s or a shared computer.

If you’ve set your browser up to delete cookies when you close the browser down, this won’t work unless you tell your browser to make an exception for Amazon cookies. It’s up to you if this is worth the trade-off of easier logins. After that, click the “Got it. Turn on Two-Step Verification” button, and you’re done.

The to-step verification confirmation button

You’ll be taken back to the “Advanced Security Settings” page.

The "Advanced Security Settings" page

Unlike some apps, Amazon doesn’t provide backup codes if you have trouble with 2FA. Instead, it will send you a text message if your authenticator app isn’t working correctly. And if all else fails, you’ll have to phone them for help. Amazon’s customer service is surprisingly good, but ideally, you want to be able to resolve issues yourself, especially login issues. On the “Advanced Security Settings” page there is a “Back-up methods” section, with the option to add a new phone.

The "Add new phone" back up option

Use this to add a recovery phone that SMS codes can be sent to if you lose your primary phone. If you haven’t got a second phone, use the phone number of a trusted family member or friend (with their permission). Otherwise, you’ll have to contact Amazon if you’re locked out of your account.

Now your Amazon account is set up and configured for 2FA. If you have the Amazon app on your phone, you won’t need to enter a 2FA code, as long as it’s the same phone you use to authenticate the Amazon website. Want more MFA goodness? Check out our other guides for Gmail, O365, Apple ID, and Slack.

Profile Photo for Rob Woodgate Rob Woodgate
Rob Woodgate is a writer and IT consultant with nearly 20 years of experience across the private and public sectors. He's also worked as a trainer, technical support person, delivery manager, system administrator, and in other roles that involve getting people and technology to work together.
Read Full Bio »