[Guide] Protecting Your Mturk/Amazon Account via 2FA

Discussion in 'Help & Guides' started by Trickydude24, Nov 30, 2016.

  1. Trickydude24

    Trickydude24 Survey Slinger

    Security is one of the most important aspects for anything you do online. With this short and easy to understand guide, you'll be able to protect your Amazon accounts in a few simple steps.

    When we are talking about an Amazon account, we're referring to your Amazon login (you@website.com). If you use the same login across many Amazon services (Amazon.com, MTurk, Payments, IMDB, etc), then that is ONE account, therefore you only need to perform the steps below once, then your account will be automatically protected for all of Amazon's services. If your spouse/loved one/roommate/kids have their own Amazon login, then you'll need to repeat the steps below to protect their accounts as well.

    We're going to protect your account with a security measure known as Two Factor Authentication or Two Step Verification (2FA). By enabling Two Factor Authentication,

    To Enable 2FA on Your Amazon Account:
    1. Login to Amazon.com with the same credentials as your MTurk account.

    2. In the upper right bar, click "Your Account".

    3. At the top of the page, click "Login & security".

    4. Under "Advanced Security Settings", click the "Edit" button.

    5. Feel free to read over what Two-Step Verification is on this page to familiarize yourself. When you're read for the next step, click the yellow "Get Started" button. You'll be prompted to login again for verification.

    6. You have two options to protect your account (you can enable both if you'd like - 2nd option will be a backup method):
      1. A. Use an authenticator app (such as Authy, AWS Virtual MFA, Google Authenticator, or Microsoft Authenticator) - Available in your smartphone's app store. (Useful if you have spotty/no cell service)
      2. Get an SMS/text message with a security code sent to you. (Requires ability to receive text messages)
    7. To enable the use of an authentication app:
      1. Click the radio button next to "Authenticator App".
      2. Open your authenticator app and navigate to the area where you add a new account. If the app has the ability to, use the camera app and point the camera to the QR code on the website (the big black and white square image).
      3. Accept the scan on your phone, and enter the code you see on Amazon's website, and press the yellow "Verify code and continue" button.
      4. Click the yellow "Got it. Turn on Two-Step Verification" button.
    8. To enable SMS/text message verification:
      1. Click the radio button next to "Phone number".
      2. Simply enter your cell phone number into the box and click the yellow "Send code" button.
      3. You'll then receive a text message with a code in it. Put this code into the second text box and click the yellow "Verify code and continue" button.
    Congratulations! You've successfully protected your Amazon-related accounts. If you don't always have your phone on you or you get tired of entering codes, you can click the check box next to "Don’t ask for codes on this device". Don't check this box if you're on a public computer.

    IMPORTANT NOTE - Please double check your scripts. It's come to my attention that some scripts DO NOT have sanity checks in them, and will therefore run repeatedly by refreshing or auto-submitting on the MTurk login page, causing rapid-fire attempts at failed logins (especially if you're away from your computer). This will cause you to get about 50 emails about someone trying to login to your account (when really it's just a script auto-submitting on the login form) followed by getting your account temporarily locked from Amazon (for security reasons).

    Even with the steps above complete, it is still extremely important to keep an eye on your account for any signs of changes or things out of the ordinary. If ever in doubt, change your password immediately and have Amazon (or the website you have an account on) perform a security audit on your account, since they typically log information through their backend that you can't see (IP addresses, login times, locations, etc).

    If you would like to try to protect your accounts you have on other websites (such as online bank accounts, emails, shopping, money-management accounts, etc), you can do a quick search to see if that website offers 2FA here - https://twofactorauth.org

    One last word of wisdom - if something is online, it can potentially be hacked. This guide is just a simple preventative measure to reduce the chances of something happening to you. Be sure to pass the word on to your friends, families, roommates, and co-workers. Good luck and I hope this helps! If you have any questions, please feel free to ask!

    • v1.2. November 30th, 2017 - Updated with an important note about scripts.
    • v1.1. July 14th, 2017 - Updated with images and new instructions after Amazon's design overhaul.
    • v1.0. November 30th, 2016 - Initial release.
    • Today I Learned Today I Learned x 21
    • Like Like x 3
    Last edited: Nov 30, 2017
  2. LucasJonson

    LucasJonson New Turker

  3. Sheri

    Sheri Turker

    I received a message from iCloud and I'm pretty sure it's spam. Someone please repost this somewhere where everyone will see it. I don't know how.