Two-Step Verification (2SV) is Amazon’s Multi-Factor Authentication (MFA) solution. It provides two authentication challenges, requiring both a static knowledge challenge (password) and a dynamic knowledge challenge (OTP), offering better protection than a static password alone.
2SV helps you protect your account against Account Take Over (ATO). Due to the practice of password reuse, when breeches happen externally, it puts Amazon customers at risk who re-use the same password with Amazon. Anyone who knows your password will be able to Sign-In to your account. 2SV protects against such occurrence.
After enabling 2SV, when you sign-in to Seller Central, you will need to complete a password challenge and a One Time Password (OTP) challenge. The OTP will either be sent to an enrolled phone number via SMS or voice call, or generated by an authenticator app. Without knowing the password and knowing the OTP, it will not be possible to sign-in. For your protection, treat the OTP with as much protection as your normal password, until after it is used. If a bad actor knows your password, and knows your OTP before it is used, they will be able to sign-in to your Amazon account.
When you first activate 2SV, you will need to designate two different 2SV authenticators – one will be your primary method and the other will serve as a backup if you lose access to the primary device.
You can receive OTPs using the following options: An authenticator app, voice call via mobile or landline phone, or via SMS. Authenticator apps are recommended because they are easy to use, do not require access to a network, and are available for free through app stores on personal computers, and smart devices – including mobile phones and tablets. For more information, see Use an authenticator app for Two-Step Verification.
You cannot use an authenticator app as both your primary and backup method, so you will need to choose an SMS or voice enabled phone as either your primary or backup methods for receiving your OTP. The following table outlines both primary and backup options available to you:
|If primary method for receiving OTP is||Select one of the following as your backup method|
|SMS-enabled phone (for text messages)||
|Voice-enabled phone (landline)||
Typically, you will only use your primary method for receiving OTPs; however, if you do not have access to your primary method or you are not receiving your OTPs, you can have your OTP sent to your backup method by clicking Didn’t receive the code?
If you lose or change the phone number of your primary method for receiving your OTP, you can always update it in Seller Central once you have successfully signed-in using your backup method. To make changes to your primary and secondary methods, you must have access to at least one of your devices. If you do not have access to either your primary or secondary methods, see Two-Step Verification Account Recovery.
A mobile phone is not a requirement for 2SV. In addition to using an authenticator app you can always receive your OTP by voice call to a landline.
For more information on authenticator apps, see Use an authenticator app for Two-Step Verification.
If you are an existing Seller Central user who has not enabled 2SV, you will be prompted to activate 2SV the next time you sign-in to Seller Central. Click Enable Two-Step Verification and follow the on-screen instructions.
You can also access the Advanced Security Settings page from the Retail site, which will take you through an identical experience.
For a step-by-step guide on enabling 2SV, see How to enable Two-Step Verification.
After you have successfully signed-in to your account through the 2SV process, you can simplify future sign-in on computers and devices that you routinely use.
The next time you enter your OTP on your computer or device, tell us not to ask for a OTP on that device in the future by clicking the check box next to Don’t ask for codes on this device.
Accessing Seller Central from different locations or networks (LAN, WAN, WLAN), or changes to your IP address. Having multiple users who use the same credentials may increase these occurrences, so make sure that each person accessing your account has their own credentials. See Set user permissions for more information.