No, it wasn’t often…but it became nerve-racking at times. If you request the number too many times within a certain period of time, it locks you out automatically…sometimes for many hours. I was lucky enough that this didn’t happen at a time during the day to cause me not to be able to confirm the day’s shipments in time.
It wasn’t my cell service, either…sometimes the texts just wouldn’t send from Amazon.
I have had zero issues with an authenticator app…I wish I had done it from day 1. Authy has a desktop program and phone app…so it generates codes from both that I can use.
Another question:
I sign in to Seller Central on 2 different PCs here during the day. When Amazon starts requiring us to do two-factor authentication each time we sign in, does that mean I will get a one-time password over SMS for one of the PCs when I sign in, and another different one for the 2nd PC when I sign in on the 2nd PC?
Will that be considered as asking for the code too many times within a short time period?
Yepper, that’s the designed behaviour of the security protocol which underpins Amazon’s implementation of Two-Step Verification/TSV/2-SV/2SV/2FA.
As our friend Best Handmade Soaps intimates, mileage can - and often enough does - vary greatly upon this score.
The problem is exacerbated, in the parameters of the situation you’ve premised of regularly logging into your SoA (‘Amazonese’/‘Amazonish’ for “Selling on Amazon” aka 3P Seller aka Seller Central) Account from multiple computers, if those 'puters are not recognized as Enterprise Domain-joined workstations - and/or otherwise not following Active Directory minimal requirements & guidelines absent having access to alternatives to that facility - by the gatekeeping functionalities of Amazon’s automated mechanisms which are ever on the prowl for low-hanging fruit along the Bad Actor front.
This is a good time for me to post my story I wanted to share with the group so no one else ends up with the same problem.
Late last August someone stole my identity, which had been exposed on the dark web through an Equifax breach sometime in 2019 I believe it was. I filed a stolen identity report with the FBI and local police, froze my credit, and took some other measures I’ll get to in a minute. Let me be clear I worked in IT as an engineer for over 25 years and am very security conscious but still if they got you they got you.
The thief opened an Amazon credit card in my name and added it to my buyer account (which is linked to my seller account also). They then proceeded to order over $4,000 of merchandise on the card and then archived the orders in my account so I would not see them when I went to my order page. I got an alert from Capital One credit that someone had opened a new card on my account and that is how I found out about it thankfully.
I was not able to log into my buyer OR seller account for like a week after reporting the charges, even though I ended up not having to pay for any of them. As usual, Amazon is impossible to work with on anything related to support. Fair warning - heed my advice below. These guys are really crafty hiding the transactions etc. I still don’t know how they got into the buyer account. I had 2 factor on, BUT I was getting codes via text. DO NOT DO THIS if you can help it.
My point here is as follows:
If you think just because you have 2 factor on you are safe think again - you’re not.
Getting security codes by text or email is highly unsafe - they are sent as plain text messages and can be intercepted. They can also steal your session cookie if you trust the device (less common and not so easy as @Pepper_Thine_Angus pointed out earlier) or they can hijack your SIM card on your mobile phone - just don’t use this method unless you have to.
The next best thing is to use an authenticator app. I use Authy, Microsoft Authenticator, and Google Authenticator. You can use more than one and it’s a good idea to do that in case something doesn’t work. ALL these can be used offline.
The only truly secure way is to get a physical security key such as a Yubikey and use a passkey on the site. This is not supported by everyone (yet) but most services including any Google services support passkeys. Check YouTube for more info. In order to get into your account with a passkey, the thief has to have your physical key in their possession. Almost impossible to break and you can disable the key remotely if it’s lost or stolen. It can also generate codes although I haven’t used that feature as I use passkeys wherever I can. You don’t need codes with a passkey, you just tap the button on your key or hold it to the back of your phone until it vibrates to use it with NFC.
If I can help anyone else be secure I will be glad to answer any questions to the best of my ability. I have financial interest in any of the companies I mentioned nor any affiliation. I’m just sharing my research. Even though my info is still out there, I have not had any issues since getting my Yubikeys (2 in order to have one for backup just in case kept in a safe location).
Sorry this is such a rant, but I feel like people should be informed.
Jeez, I proofread the post twice and edited, but didn’t catch that, thank you! Yes, I have no connection with those companies and paid for my products.
@Best_Handmade_Soaps thank you for sharing all of that, and I am so sorry that you had to go through it. I hope the scum who put you through that are held accountable.
So, we run a company, a corporation, a small one but we have a team of artisans, and humans we treat like family.
So now, if we take off a day or two, or we do our once-every-7-years, 5-days-off holiday to an exotic place, we must leave our phone with a trusted team member.
Yes we set up the Google phone two factor authorization several times. They shut it down when we did not use it for a set amount of time.
Additional safety factor. If something like what happened to @Best_Handmade_Soaps happens to you, if you have child accounts with full access, you can continue to process orders and function if the main account gets locked.