One of the security practices that I am always looking for is two-factor or multi-factor authentication. This is when you need a user name, a password, and a special code or device to provide the second authentication factor.
I have been using Google Authenticator with my extensive set Google accounts and with the password manager LastPass. I was happy to learn that I can finally add my Amazon account to my Authenticator TFA list.
Amazon, with their one-click checkout and stored credit card information, is a regular target of cyber-criminals, because if your Amazon account is compromised, the cyber-thieves can order a thousands of dollars worth of high end merchandise, which can later be resold on eBay or Craig’s list to cash out. If the bad guys also have control of your email account, you will never know it is happening until the credit card fraud department calls, or worse yet, when you get the bill.
Setting up TFA on Amazon is relatively easy. I did it in a couple minutes. First click on Your Account, and then Change Account Settings. There are three steps to complete the process:
- First choose how to receive the codes, either by SMS text message to a phone, or using the Authenticator app.
- Then you add a backup method using either a voice call or text message. If you used SMS in step one, you may need to use a different phone number in step two.
- In the third step it is explained how it works, and you will be logging in to your account with two-factor authentication for the first time.
You can indicate which of your devices are “trusted” and avoid needing the code on those systems. This is an option I would NOT recommend, because if your computer is stolen, or the criminals can remote in on a Trojan horse, they will not need to use the extra security you just set up either.
If you have an Amazon account you should take a moment to add TFA security to it. Sure this is an extra step and a bit of a hassle, but you will sleep better at night.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com