Amazon Boosts Customer Security with Two-Factor Authentication
With the busy holiday shopping season fast approaching, Amazon has quietly added an option for customers to boost their security online with two-factor authentication. According to one report, Amazon introduced the feature in private beta a few weeks ago before rolling it out in a wider release this week.
Amazon did not respond to our request for more information about when and why it introduced two-factor authentication, but its customer support site now includes several Web pages with instructions for how users can turn on, disable or change settings for the feature.
Many other online sites -- including those for Google Gmail and Microsoft Outlook -- already use two-factor authentication to add an extra layer of security for users. The feature usually works by sending verification codes to second devices, typically smartphones, that users can then enter online to confirm their identities.
Strong Authentication Still Lags
Over the past couple years, customers on Amazon's discussion forums have occasionally asked whether the company eventually planned to offer two-factor authentication for added security.
At the beginning of 2014, for instance, one user on the Amazon help community forum wrote, "Amazon is currently the only one of my security-sensitive accounts for which I haven't found an obvious way to enable 2FA." After being told that two-factor authentication was not an option at that time, the user noted, "That's a little unsettling."
Unsettling or not, the practice of using only a password with no further verification to access a secure site remains quite common. A recent White House update on government compliance with the Federal Information Security Management Act, which was enacted in 2002, reported that only around half of key federal agencies used any form of strong authentication for most of their privileged users.
Little Confidence in Passwords Alone
The same holds true for many private sector users. A study by the mobile identity company TeleSign earlier this year, for example, found that while a majority (70 percent) of people surveyed said they didn't have "a high degree of confidence" in password-protected security, more than half (56 percent) were unfamiliar with two-factor authentication.
"The gift of two-factor authentication is the greatest peace of mind people can get this holiday season," TeleSign senior vice president of marketing Brian Czarny told us today via a spokesperson.
Czarny added that "protecting online accounts with a simple username/password is simply not safe enough in today's environment" and both businesses and consumers have lost faith in that basic security precaution.
"This move by Amazon is a direct response to that need," Czarny said. "Amazon has long provided two-factor authentication on their Web Services platform and other products, and we applaud their offering it up for consumers' Amazon accounts."
Posted: 2015-11-22 @ 4:52am PT
Great, we need more protection offered from suppliers.
Posted: 2015-11-19 @ 5:08pm PT
Amazon's 2FA is useless. It requires a cell phone. They should implement standard OTP such as the one used by Google's Authenticator.