Two-Step Verification (2SV) is Amazon’s Multi-Factor Authentication (MFA) solution. It provides two authentication challenges, requiring both a static knowledge challenge (password) and a dynamic knowledge challenge (OTP), offering better protection than a static password alone.
2SV helps you protect your account against Account Take Over (ATO). Because passwords are often reused, a breach at an external site puts at risk any Amazon customer who uses the same password with Amazon. Anyone who knows your password will be able to sign in to your account. 2SV protects against such occurrences.
After enabling 2SV, when you sign in to Seller Central, you will need to complete a password challenge and a One-Time Password (OTP) challenge. The OTP will either be sent to an enrolled phone number via SMS or voice call, or generated by an authenticator app. Without both the password and the OTP, it will not be possible to sign in. For your protection, guard the OTP as carefully as your normal password until after it has been used. If a bad actor knows your password and learns your OTP before it is used, they will be able to sign in to your Amazon account.
When you first activate 2SV, you will need to designate two different 2SV authenticators – one will be your primary method and the other will serve as a backup if you lose access to the primary device.
You can receive OTPs using the following options: an authenticator app, a voice call to a mobile or landline phone, or SMS. Authenticator apps are recommended because they are easy to use, do not require access to a network and are available for free via app stores on personal computers and smart devices – including mobile phones and tablets. For more information, see Use an authenticator app for Two-Step Verification.
You cannot use an authenticator app as both your primary and backup method, so you will need to choose an SMS or voice-enabled phone as either your primary or backup method for receiving your OTP. The following table outlines both primary and backup options available to you:
|If primary method for receiving OTP is||Select one of the following as your backup method|
|SMS-enabled phone (for text messages)||
|Voice-enabled phone (landline)||
Typically, you will only use your primary method for receiving OTPs; however, if you do not have access to your primary method or you are not receiving your OTPs, you can have your OTP sent to your backup method by clicking Didn’t receive the code?
If you lose or change the phone number of your primary method for receiving your OTP, you can always update it in Seller Central once you have successfully signed in using your backup method. To make changes to your primary and secondary methods, you must have access to at least one of your devices. If you do not have access to either your primary or secondary methods, see Two-Step Verification Account Recovery.
A mobile phone is not a requirement for 2SV. In addition to using an authenticator app, you can always receive your OTP by voice call to a landline.
For more information on authenticator apps, see Use an authenticator app for Two-Step Verification.
If you are an existing Seller Central user who has not enabled 2SV, you will be prompted to activate 2SV the next time you sign in to Seller Central. Click Enable Two-Step Verification and follow the on-screen instructions.
You can also access the Advanced Security Settings page from the Retail site, which will take you through an identical experience.
For a step-by-step guide on enabling 2SV, see How to enable Two-Step Verification.
After you have successfully signed in to your account through the 2SV process, you can simplify future sign-in on computers and devices that you routinely use.
The next time you enter your OTP on your computer or device, tell us not to ask for an OTP on that device in the future by clicking the check box next to Don’t ask for codes on this device.
Accessing Seller Central from different locations or networks (LAN, WAN, WLAN), or changes to your IP address. Having multiple users who use the same credentials may increase these occurrences, so make sure that each person accessing your account has their own credentials. See Set user permissions for more information.