How to set up TOTP for Amazon

On the support pages of Amazon's website, one can quickly find a long list of account takeovers and cyber security risks. For example, the following thread deals with someone whose Amazon account was hacked despite having 2FA in place. That account was using the insecure SMS-based 2FA, not the more secure TOTP 2FA.

The world of cyber security is uncompromising: wrong security = bigger risk of an account takeover. This is even more true in the world of eCommerce, where there is much money to gain or lose. And as Amazon is really the king of eCommerce, your Amazon account carries an increased level of risk.

Since Amazon offers 2FA / TOTP support to allow its users to secure their accounts against takeover attacks, let's see how to secure your Amazon account!

1. Locating the 2FA settings in Amazon

1.1 - To begin securing your Amazon account, log into your account and click on Accounts & Lists. This will present you with a menu of options. Then navigate to your account.

1.2 - On the account page of your Amazon account, go to the tab that says Login and Security.

2. Enabling Amazon's 2FA

2.1 - This will bring you to a page showing all your personal information, such as name and email. Below these details you will see an option that says Two Step Verification (2SV) Settings. Click its Edit button.

2.2 - Amazon will briefly display a guide about 2FA and how it works. You will then see two Get Started buttons. Click either of them to proceed with securing your account with 2FA.

2.3 - Amazon will now display two options for securing your account with 2FA: either via SMS or via an Authenticator App. As background, the SMS method is not as secure as an Authenticator App, as the introduction of this guide showed with the hack suffered by the user who protected his account with SMS 2FA. This is why Authenly solely uses authentication via TOTP to keep your account safe from hackers and unwanted access. When you select the Authenticator App option, a QR code appears on the screen, ready to be scanned.

2.4 - Now go to the Authenly app and tap the QR scan icon on the home screen, or access it via the menu.

Scanning the Amazon QR code installs the 2FA entry on your mobile device, so that you can now secure your Amazon account with Authenly.

Get your TOTP code by tapping on the Amazon entry in the Authenly app. Then go back to Amazon, enter the code and click Verify OTP and continue to validate your 2FA installation.

2.5 - Once you have validated your 2FA, Amazon gives a little extra information on how 2FA works and what you will need to access your account in the future now that 2FA is activated. Once you have read it, click the Got It. Turn On Two-Step Verification button at the bottom of the page.

3. Your Amazon account is secured

3.1 - Done! Your Amazon account is now secured with Authenly. You are protected against attacks that reuse your username and password, and against the potential loss of your Amazon account or of any sensitive information stored in it.

As you have seen, installing 2FA protection for a specific vendor account on your mobile device is quite a simple task. We have built a list of 2FA installation guides for most major web applications, so that you can safely and quickly add an additional layer of security to your online account, and thereby also to your online identity.

4. Backup

Bear in mind that it is very important to keep a safe backup of your 2FA. Authenly uses a unique un-hackable offline secret to back up your 2FA-TOTP. This is a lot more secure than writing your 8 or 12 backup passcodes on paper or in a file accessible on your computer and/or in the cloud. It is also a lot more secure than letting your 2FA authentication app provider do the backup for you in their cloud (when they get hacked - not if... - your 2FA protection is rendered totally useless). Therefore, just make sure that you back up your 2FA-TOTP with Authenly as an offline secret, so that you will not suffer any account lock-out and can restore this 2FA at any time onto any mobile device with your Authenly identity.

Need to understand and set up TOTP?

This short animated video will give you a good understanding of what a Timed One-Time Password (or TOTP) is.

