Locked out of my Amazon account. Locked out of a crypto account. Why? Because I set up two-factor authentication on both these accounts and have lost access to the second factor. In the case of my crypto account, I can get back in by providing them with photo ID. But with Amazon, it seems I am locked out forever. Forever is a long word.
What is 2FA? It is a way to add security to an online account by providing an extra layer of protection. For example, after you enter your username and password, you then enter another password – usually a one-time password (OTP) that is sent to your phone, email, authenticator app, or even a small hardware device.
But is this extra layer of security necessary, convenient and effective?
When you sign up with Amazon, they demand you set up 2FA immediately, with your phone number being the second factor ‘to secure your account.’ However, I changed phone numbers a few years ago. Their website points to a customer service line to help with account issues. I called Amazon and talked to a person. The operator said I can only regain access if I provide them with the correct billing address on the account.
I’ve moved 10 times in 10 years. I went through all my previous addresses with the phone representative but none of them matched. For all I know, Amazon could have entered it incorrectly or the address formatting could have changed in a system update . There are multiple ways to cite an address – you’ve probably encountered automated address matching when signing up for something.
My Strathfield address had several forms: 301B/18 Parramatta Road Strathfield. Or sometimes it was cited as 301B/16-24 Parramatta Road, or even just 18 Parramatta Road with the flat number omitted. It could be any of these. Before Strathfield, I lived in Potts Point, and according to some public utilities my address and postcode combination put me in Darlinghurst.
By the way, this is my Amazon author account I’m talking about. So I’ve now lost access to my two books published on Amazon. If I want to republish my updated versions of Rocket Science and Space Juice, I’m left with no choice but to create a new Amazon author account. The customer service rep hinted that I might try this. (I’m trying it now and my book is ‘Pending Review’. Let’s hope I encounter no further issue/problem/anomaly/fuck up.)
So I’m understandably frustrated with 2FA, and questioning its viability.
For companies, schools and official business, yes, it’s a good idea. But should you be forced to enable 2FA on personal accounts? Why has Amazon foisted this on its customers and authors? It has not secured my account. It has blocked me, the rightful ‘owner’ of the intellectual property inside it. Some security.
Online safety is a compromise between security and usability. Amazon have failed me dismally. (And for a few hours after my encounter with their customer service, I was pretty dismal.)
My crypto provider gives me the option of ‘2FA’. I choose to use it with this account for obvious reasons. But for my Amazon author account? Am I really concerned that someone will breach it and pass themselves off as the obscure author of science-fiction satire? Long answer: Not that much. Not yet. Thankfully, I’m not that popular. By forfeiting this account, I lose only three positive reviews. [insert author whinge paragraph here]
To summarise, I use an authenticator app for the 2FA on the crypto account. I locked myself out of this one because I switched phones and misplaced the phone that had the Google Authenticator app.
But I found that phone. And even if I didn’t, the company doesn’t ask you for an address to get back in – it requests official government ID (with you in a recent photo holding this ID).
Amazon do not seem to understand the compromise between security and convenience. Perhaps I can retrieve my old number. No one seems to be using it. But I also have to accept that this account may be lost.
Also, it seems that someone could possibly gain access to my Amazon account if they know my billing address and call customer service. I can’t understand this. Surely this is weak security.
Perhaps everything is my fault and I’m just not careful enough.
Share your thoughts below. Are you for or against 2FA? What alternatives do you use, or would use if they were available?
As a software developer I can tell you that there’d be no debate if I was creating a system or was consulted on creating one; it would at least have to implement 2FA and I’d be liable if I didn’t. Passwords alone don’t cut it.
I think your experience is more to do with the lack of customer support for your category of account in a behemoth of an organisation such as Amazon rather than 2FA itself.
So sorry to hear that happened to you 🙁 there should definitely be a way for you to get backin. As for 2FA, multiple massive data leaks resulting in all our personal info and passwords being available for sale on the dark web mean that 2FA is a necessary evil, unfortunately.
I have it on all my accounts where available, but I’d hate to think what would happen if I ever lost my phone number. It’s all tied to it, and I’d lose access to my Gmail account, which in turn is tied to close to 1000 online accounts. So yeah, not a perfect system…but I don’t know of a better one.