Press "Enter" to skip to content

Stupid, stupid, stupid Amazon security


I have a vendor account on Amazon to sell dead-tree copies of RebelFire and Hardyville Tales. Yesterday I logged in, only to learn that as of next Tuesday, all vendors will be required to have two-factor identification or be locked out of their accounts.

Well, that’s rather short notice. But I don’t mind two-factor ID.

So today, Amazon nags me again and I click … and discover the ID can only be by phone. No email. Grumble. I absolutely hate the damn noisybox telephone. But what can I do? I choose SMS over voice. They send me a code. I input the code. And I naively imagine I’m all set.

But no. Inputting the code takes me to another screen … where I’m required to choose between SMS and voice to get a code on a second backup phone number.

Like everybody in the whole freakin’ universe has two phones? And again, no email option. No nothing option. You must have a second phone OR ELSE.

I see a checkbox for “skip verification.” But when I click it, instead of allowing me to finish logging in, Amazon merely takes me to the same screen, demanding that second phone number. Repeatedly.

It has to be a number where I can receive a code ASAP. What to do? There is a solution, but I’m flustered and don’t think of it at that moment. I input a friend’s cellphone number, hoping she won’t kill me.

Then I text her my most dire apologies and ask her to send me the code. She does — after giving my message a smarter security test of her own. And she even does it without threatening vile harm to my body (though she told me when the code came in she feared a stranger had just ordered a Rolex on her Amazon account).

I explain. And now I’m off to get some fake — but useful enough to receive a code — number to slip into my settings place of hers. That’s the solution that didn’t come to mind in my moment of flusterment.

But what stupid, stupid, stupid security! Two-factor identification is fine and dandy. Assuming everyone on the planet has constant access to two telephones is freakin’ idiotic.

it’s very nearly as idiotic as the move the Social Security Administration pulled a year or so back when they announced that all their clients, including the most doddering ancients, would be required to have SMS-capable phones to access their SS accounts. They at least gave enough notice for the entire bumbling plan to be shouted down and eventually changed to a method that offered more realistic options.

With Amazon I can — after the fact — designate one device as “trusted” and avoid the code problem in the future, as long as I allow permanent cookies. Or I can get a special app — for the smartphone I don’t use, lucky me. But receive a code by email? When I looked up the FAQ on the new two-factor system, their robot informed me sniffily that email would be insufficiently secure. Clearly Amazon knows what’s best for the rest of us, even if it’s going to be impossible for many of us.

Well, Jeff Bezos, no doubt you and your well-paid Seattle underlings can afford all the phones you want. But not all the rest of us are so highfalutin’.

Just hope this arrogant system isn’t coming soon to your Amazon buyer account, too. So far I’m seeing it only on my vendor account. And may it go no farther. But if it does, don’t forget those fake one-time (or monthly subscription) phone numbers available online.



  1. Bear
    Bear October 27, 2017 2:24 pm

    Using phone numbers for two factor authentication is BS. Both factors should be something not generally known to anyone else. So one factor most certainly should not be a phone number; people tend to give those out so people can call them. Vendors often put their phone numbers on web sites so customer can call and order stuff.

    But… the phone number could just be a numerical passphrase… which does note require verification. When you do those security questions, do they ask where you live and then send a letter there to verify that?

    All that phone verification is confirming a good number to sell to telemarketers.

  2. fred M.
    fred M. October 27, 2017 2:42 pm

    Remember the old time puppeteers? Watch the marionette move as I pull the strings. What great fun!

  3. Claire
    Claire October 27, 2017 2:50 pm

    Do you have a solution, fred M?

    I have one. Within the next few months, somebody else will be selling most of my books on Amazon and eventually I won’t have to worry about this. In the meantime, do you have an alternative for us presumed “puppets” — beyond refusing to deal with Amazon and therefore cutting off our own economic noses to spite our own economic faces?

  4. Claire
    Claire October 27, 2017 2:54 pm

    Bear — Alas, I completely agree. And having a backup which is also an insecure phone number just doubles the stupidity of the supposed security.

    My poor friend. As I tried to extricate her phone number from Amazon’s idiot system, she ended up getting more calls with codes in them, because Amazon just did not want me to put in that fake number. Once I managed to get the fake input, Amazon then switched the fake in as my preferred number, even though I didn’t recall asking for any such thing.

  5. John
    John October 27, 2017 3:30 pm

    Any chance this is an effort to improve security with the constraint that it also be generally adaptable by the non tech savvy? Large operations might reasonably be spooked by the massive breaches that have been elsewhere identified. The “how to” seems a challenge still to be worked out. And the process repeat.

    I’m sympathetic to the frustration and “irritation”. 🙂

  6. Claire
    Claire October 27, 2017 3:35 pm

    Thank you for the sympathy, John. But if it’s an effort to create security while not shutting out the tech savvy, it’s a very foolish one. All they would have had to do to make it work for everybody is give a few options: email OR voice OR SMS … or something else altogether of the user’s choice.

    Decreeing that it shall be phone only — and that everybody needs two phones to make it work — is simply arrogant and stupid.

  7. John
    John October 27, 2017 3:55 pm

    Sympathy was maybe the wrong word. I meant it in the sense of having encountered similar apparently retarded automated systems that are in my path. I mean not “pity sympathy” that I think useless, but energy or rapport sympathy. That which “irritates” one to corrective action. I hope you share some “feedback” to Amazon, as you have here!

  8. Claire
    Claire October 27, 2017 4:36 pm

    Don’t worry; I knew what you meant, John. And yes, I gave Amazon blistering feedback. Not that anyone will read or heed. But if enough vendors find this as preposterous as I do, maybe Amazon will eventually get the message.

  9. Jim B.
    Jim B. October 27, 2017 11:01 pm

    One could hope that their requirement would violate the ADA. Then they’ll be forced to change the way they go about all this. I’d hate to rely on such a law by the government for changing it but it may be the way to go.

  10. parabarbarian
    parabarbarian October 28, 2017 12:04 am

    You could try a Google voice number and set it to forward SMS to your cell phone. However, I can attest that Google is not always reliable at forwarding so be prepared to log onto Google to see the message.

  11. E. Garrett Perry
    E. Garrett Perry October 28, 2017 12:54 am

    Oh wonderful. “Justice In Winter” goes out in Amazon paperback soon, just had its biggest week ever, new book churning along nicely, and they pull this crap?! I don’t have two phones, and I’m currently living in a country with a well-earned reputation as a hotbed of cyberfraud. They’re gonna want a gorram DNA sample before they let me change the cover art…

  12. Arthur M
    Arthur M October 28, 2017 1:47 am

    I’ve had two-factor turned on at Amazon for a while, primarily as a liability protection measure; a month or so back Amazon added Captcha to the first logon of the day. It lasted only a few weeks; I’m assuming the response was sufficiently negative that it impacted the transaction rate, or maybe it was just a security experiment.

    Regarding the second cell phone problem, I’d suggest thinking about procuring a cheap burner phone (one without GPS capability). Having a backup comm device, especially one not directly linked to you, can be handy under some circumstances (which means cell minute reload on it is done with cash, not a credit card; usingit for 2-factor precludes just replacing the phone when it needs minutes because you’d have to reset the 2-factor to the new number with the old number).

    FYI, when activating a new phone (or a new service on an existing phone) the number assigned will be geographically determined, meaning the area code the phone has will be the area code assigned to the geo area in which the phone is activated. So, if you have a very trusted friend in location X (someplace a good distance away) you can exchange phones by mail for activation, or do it while on vacation. Also as an FYI, the phone’s serial number (remember, cell phones broadcast an ID number which is NOT the assigned phone number in addition to the assigned phone number) can be tracked from manufacturer to distributor to retailer, so living in Chicago, buying a cheap burner phone in Dallas and activating it in Miami can provide a slight additional level of security (needless to say, there’s a whole lot more regarding comm security with cell phones, but that would be a full blog-length post, not a comment; I will mention that removing the battery, never using the burner near your home address or having the battery installed while it’s anywhere in the vicinity of your primary cell phone are at the top of the list).

  13. Claire
    Claire October 28, 2017 5:39 am

    Actually, I do have a second phone. I rarely ever use it. It has zero connection to my name. And no way way was I ever in this life going to give its number to Amazon or any business.

    And yes, you are right about how to protect the privacy of phones. There are also many ways to get a second, cheap, sometimes temporary number. Some work with smartphones. Some are VOIP, some are strictly for receiving an SMS code, then going invalid. I was caught unprepared for them yesterday. Sigh.

  14. Claire
    Claire October 28, 2017 5:42 am

    E. Garrett Perry. Don’t worry. With some advance warning there are lots of online alternatives for that backup phone. Congrats and best on the book. I’m glad to hear it’ll be available in paperpack.

    parabarbarian — No Google, but had I had time and presence of mind, I would have set up something. I did later replace my friend’s number with on of many types of available temp numbers. But it didn’t work very well and wouldn’t work at all if I ever needed it for a backup. I’m looking into some sort of monthly subscription option that will work with my dumbphone.

  15. Fred M.
    Fred M. October 28, 2017 7:20 am

    It seems that in much of our lives these days we are dancing to somebody else’s fiddle. I refuse to be anybodies puppet. When I run into a company that is so convoluted and twisted in their marketing practices I realize working with them is just spitting into the wind, I move on to other alternatives. Frankly I’m not an author so I don’t have to deal with Amazon, however, if I was I would look at some alternatives like: Abe Books, Powell’s Books, Barnes & Nobel, Books A Million, Alibris, Borders Books, Better Worlds Books and if I had a few minutes I would look at (apparently you are not alone in dealing with Amazon). Another alternative would be to hire someone, or company, to market your books with all the available online and stick built booksellers, and to help set-up book selling tours, leave the headaches to them.

  16. Claire
    Claire October 28, 2017 7:51 am

    Fred M — Kudos to you for being game enough to respond to my challenge to come up with solutions. I appreciate that.

    I can only tell you, though, that your admission, “I am not an author,” didn’t need to be put into words, because it shows in everything you suggest.

    I am entering an agreement with somebody else to re-publish my existing books and publish second editions of two of them, though. So that’s something. But they will not only list on Amazon, they will publish on Amazon, both in Kindle and print-on-demand. It’s the way the world works now. It may work some other way in the future, but only when more wealthy, powerful, influential authors and publishers find a way out of the system.

  17. Claire
    Claire October 28, 2017 8:15 am

    As of this morning, Amazon has also extended its absurd version of two-factor ID to my Associates account (the one connected to blog links), though fortunately not to my buyer account which has a different login.

    Despite checking the box that says don’t ask for codes on this device, and despite allowing all Amazon cookies, they’re insisting on codes and phone calls for both vendor and Associates accounts, and that’s eating up the time on my TracFone. I’ve been looking into online solutions with alt phone numbers but so far haven’t found one that suits my needs.

  18. Fred M.
    Fred M. October 28, 2017 12:16 pm

    Claire why wouldn’t I respond? I looked upon your comments as a serious question, not a challenge. I’m glad you are having someone else handle the marketing of your books, I could see it was a frustrating experience for you in dealing with Amazon. People with talent and a product or message to sell should be free to develop that product or message. You are good with concepts and the written word and should be free to pursue that; not being frustrated about how to market that product. With your determination and tenacity it will all come together for you.
    Bon chance!

  19. Claire
    Claire October 28, 2017 4:18 pm

    “I looked upon your comments as a serious question, not a challenge.”

    A little of both, Fred, I admit. And you rose to the occasion with good spirit.

  20. parabarbarian
    parabarbarian October 28, 2017 5:13 pm

    I don’t blame for not wanting to use Google. If you are not averse to paying, Blur (Abine) offers masked phone numbers with a premium account ($39.00/year). They charge two cents per SMS message forwarded but premium users get a $3.00/month allowance. I’ve used Blur email masking for about three years (two paid) and think highly of it. However, I only just started using the masked phones so I have no recommendation on that service.

    If you happen to find a good subscription service, feel free to share it 🙂

  21. Ron Johnson
    Ron Johnson October 29, 2017 4:34 am

    I’m not much of a techie, so I find all of the increasingly complicated security requirements off-putting. If it gets much worse, it will probably force me to limit my internet participation.

    I wonder if Amazon is becoming like an inner city shopping center. No matter how good it is to begin with, it gets ruined by shoplifters, vandals, and thieves who increase the transaction costs for retailer and consumer alike until it is no longer a viable market. Is Amazon headed that way? The entire internet? Perhaps this is an unavoidable inevitability.

    Danged new fangled contraptions aren’t worth the bother (that’s my inner curmudgeon speaking).

  22. fred
    fred October 29, 2017 7:37 am

    Dealing with amazon is making a deal with the remains my LAST choice for shopping,their goal is to control global commerce,I will NOT feed into them,even if I ‘pay more’.
    I could use that same logic to buy Chinese crap products that are inferior yet ‘cheaper’.

    As for smart phones I continue with my flip phone and use a cheap wireless provider than sign up with verizon or sprint with a ‘contract’.Its getting very difficult to do unfortunately,but I soldier on.Smart phones are becoming as necessary to commerce as cash once was.They have become THE portal to use todays common items,whats a person to do?

    Im just trying to keep control over my life and my spending,even if it isnt ‘cheapest’ or ‘easiest’.

    Im NOT selling out or selling my soul for temporary convenience.Amazon,to me,is the devil.

  23. larryarnold
    larryarnold October 29, 2017 2:01 pm

    I read somewhere that a successful business needs three people; someone with talent and a passion to provide the product or service, someone with talent and a passion for marketing the product or service, and someone with talent and a passion for keeping track of the finances. Very seldom to all three reside in the same corpus.

  24. Comrade X
    Comrade X October 29, 2017 3:11 pm

    “Amazon, to me, is the devil.”


  25. Claire
    Claire October 29, 2017 4:31 pm

    parabarbarian, I’m going to take a close look at Blur, thank you.

    This option also looks promising: … but only for smartphones, not dumb cellphones.

  26. Claire
    Claire October 29, 2017 4:36 pm

    larryarnold — I think that’s about it. So I’m 1/3 of a good business.

    And to you guys who think Amazon is the devil: you’re wrong. Google and F*c*b**k have already taken that position. At most Amazon is a particularly annoying little imp.

    Once again, though, I have to say that I do understand the sentiment. But to a person who lives in a small town far from civilization, Amazon is a godsend. And without Amazon Associates, this blog would either have to be supported by a few generous angels (which fortunately it does have) or constant intrusive blegathons. Or I’d have to hope Patreon subscriptions went really wild.

  27. fred
    fred October 30, 2017 7:34 am

    When amazon controls pretty much ALL the shopping we can do,in EVERY aspect of retail sales…and all the brick and mortars have failed…..thats your devil.Then bezos will tell you what you can or cant buy because he will have the power to bankrupt anyone who wont play his game.
    He will be as bad as facecrap and gates and the rest of the billionaire puppet masters,sjw who will dictate to us.
    I opted out on Gates long ago too,though windows is ‘so convenient’.

  28. fred
    fred October 30, 2017 7:42 am

    Ebay does what amazon does too,amazon is not the only game in town….for now.That will change though,bezos is going to rule the roost,greatest monopoly ever WITHOUT any trust busters to get in his way,the politicians will be too busy with their hands out,colluding,kissing the behind of their master.

    He will own retail as 6 companies own the media,and we get the IN YOUR FACE propaganda.See how will thats worked out.

    Just in last few months he is positioning to take over grocery shopping,and now take over the pharmaceutical trade.And while they arent great jobs,bezos works people into the ground.

    Evil evil evil!

  29. Claire
    Claire October 30, 2017 7:57 am

    I like and sometimes use eBay, but it’s not an adequate substitute for Amazon.

    It also doesn’t support blogs, while Amazon is a huge factor in keeping many blogs online.

    It’s certainly true that Amazon aims to have a long reach. But so have many, many other companies in the past — companies that are either dead now or a fragment of what they once were.

  30. John
    John October 30, 2017 2:03 pm

    fred, you’re scaring me. You’re sounding like chicken little too. Amazon has been a bit of a godsend for me last couple years. Useful products at good prices I’d have been hard pressed to find or even know option of otherwise. Product and book reviews on demand. Not always best price, especially on food stocks, but almost always a good price reference point. Distribution option for seller large and small that would otherwise be more costly. My still being a buyer of stuff, this is good. One is certainly free to not use them you know.

  31. fred
    fred October 30, 2017 3:03 pm

    Lets see where we are in ten years.I’ll have it pegged,Im a futurist and can see things coming like this locomotive charging in from left field.They will make what wally did look like small potatoes.

    Their latest? They are starting their own delivery conglomerate.That they can afford to run at a loss in a sector for years while Fedex and UPS MUST run at a profit.They will own THAT part of the economy too.

    This is like free trade that is in fact very unfair trade in us trying to compete with slave wage China.They killed us as we couldnt compete being undersold,so will amazon at home,they can run at losses forever in sectors now until the competition has folded due to their sheer size.

    We are talking a monopoly thats going nuts,yet I remember when the auto makers under antitrust laws couldnt even own their own parts divisions because making air filters and spark plugs was anticompetitive.

  32. Claire
    Claire October 30, 2017 4:14 pm

    John — I hear you and agree.

    fred — You’re entitled to your opinions and entitled to express them here, especially since I started the “stupid … Amazon” topic.

    But you should understand that when I hear you repeatedly condemn Amazon, I also hear you say you hope this blog goes broke. I hear you saying you’d like it if those who keep this blog going through their Amazon purchases halted that automatic and painless-to-them support. Speak freely, but be aware that that’s your underlying message.

  33. Ron Johnson
    Ron Johnson October 30, 2017 7:12 pm

    Have no fear. Amazon will NOT be taking over retail. Portions of it, maybe, like books and music. But for many other product categories, Amazon struggles to find a formula to make money. Often they are more expensive than brick and mortar. That does not bode well for their future as monopolists.

  34. ExpatNJ
    ExpatNJ November 1, 2017 12:04 pm

    Amazon is not alone in demanding phone numbers from users.

    Yahoo (e-mail) has also repeatedly and regularly asked me during log-in for a phone number capable of receiving text messages (presumably a cellphone). This is allegedly to help “secure my account”, and “in case I forget my password”. Both reasons are immaterial to me, so I have consistently declined their request. However, I await the day if/when Yahoo (recently purchased by Verizon) won’t let me log in without giving one. If/when that day comes, I will gladly walk-away from this anonymous and disposable account. Their loss.

  35. Claire
    Claire November 1, 2017 12:35 pm

    Annoying, isn’t it? But of course it’s one thing to ask, another to demand. And yet another to force users into a situation in which having TWO phones (or one phone and a fake number that forwards to it) is the only possibility.

    I had a Yahoo account I used only for email groups. I dumped it several hacks ago.

Leave a Reply