How to Secure Your Amazon Account: A Complete Security Guide
Your Amazon account holds your payment cards, home address, purchase history, and potentially access to Prime Video, Kindle, and Alexa devices. Here's how to lock it down against the most common attack methods.
Why Your Amazon Account Is a High-Value Target
Your Amazon account is more valuable to attackers than many people realize. It typically stores one or more credit cards, your home delivery address, your purchase history (which reveals personal details about your life), and may be linked to Amazon Prime, Kindle books, Alexa devices, Amazon Web Services, and Amazon Pay. A compromised account can be used to place fraudulent orders shipped to reshipper addresses, drain stored gift card balances, or harvest personal and financial information.
Amazon accounts are frequently targeted in credential stuffing attacks — where automated bots try username/password combinations from unrelated data breaches. If you've reused your password anywhere that was ever breached, your Amazon account may already be at risk. The good news is that a few straightforward steps dramatically reduce that risk.
Step 1: Set a Strong, Unique Password
The most common way Amazon accounts get compromised is credential stuffing — attackers trying passwords leaked from other breaches against your Amazon login. The defense is simple but requires discipline: use a completely unique, randomly-generated password for Amazon that you've never used anywhere else.
Go to Account & Lists → Account → Login & security → Password. Use our free password generator to create a 16+ character random password and store it in a password manager like NordPass or 1Password. You should never be able to recall this password from memory — if you can, it's probably not random enough.
Step 2: Enable Two-Step Verification
Amazon calls its 2FA system "Two-Step Verification" and it's one of the most effective protections you can add. Even if an attacker has your password, they can't log in without the second factor. To enable it, go to Account & Lists → Account → Login & security → Two-Step Verification (2SV) Settings → Get Started.
Amazon supports authenticator apps (the most secure option), SMS text messages, and voice calls. Choose an authenticator app if possible — Google Authenticator, Authy, or Microsoft Authenticator all work well. Authenticator apps generate a 6-digit code every 30 seconds that's required at login, and unlike SMS, they can't be intercepted via SIM swapping.
After setup, Amazon also lets you mark certain trusted devices as not requiring 2FA each time. Use this feature selectively — only mark devices you physically control and that are protected by a screen lock.
Step 3: Review Your Saved Payment Methods and Addresses
Go to Account → Your Account → Payment options and review every saved card. Remove any cards you no longer use — fewer saved cards means less exposure if the account is ever compromised. Also check Account → Your Addresses and remove any old addresses that are no longer relevant. Attackers who gain access to your account will look for opportunities to add a new shipping address for fraudulent orders, so a cleaner address book makes suspicious changes more visible.
Consider setting up an Amazon gift card balance for routine purchases instead of keeping a primary credit card saved. This limits your financial exposure — an attacker can only spend what's in the gift card balance rather than charging freely to your credit card. For most purchases, a credit card is still preferable for dispute protection, but limiting saved cards reduces risk.
Step 4: Check Recent Orders and Login Activity
Amazon provides two important audit trails worth reviewing regularly. First, go to Returns & Orders to check your recent order history for any orders you didn't place. Fraudulent orders are often shipped to reshipper addresses and may be disguised as gift orders. If you see anything suspicious, report it to Amazon immediately and change your password.
Second, Amazon lets you review devices that are signed into your account. Go to Account → Manage Your Content and Devices → Devices tab. You'll see every Amazon device and app signed in with your account: Echo devices, Fire tablets, Kindle readers, and the Amazon app on phones. Remove any device you don't recognize. In the Preferences tab, you can also see registered and deregistered devices and manage your digital content access.
Step 5: Secure Connected Amazon Services
Modern Amazon accounts often have more connected services than people realize. If you use Alexa, review your voice history in the Alexa Privacy settings and consider enabling a voice code for purchases. Alexa can make purchases by voice by default — if you have an Echo in a shared space, voice purchasing should be restricted or disabled.
If you use Amazon Pay on third-party sites, review the list of merchants at pay.amazon.com → Settings → Merchant agreements. Remove any merchants you no longer use. Each merchant connection is a potential access vector. Similarly, if you've used Sign In with Amazon on other websites, review and revoke access for sites you no longer use at amazon.com → Login & security → Apps and other services.
Amazon Account Security Checklist
Run through this list to verify your Amazon account is properly secured:
- ✅ Set a unique, randomly-generated password using a password generator
- ✅ Enable Two-Step Verification with an authenticator app
- ✅ Remove saved payment cards you no longer use
- ✅ Remove outdated shipping addresses
- ✅ Review recent order history for unauthorized purchases
- ✅ Audit signed-in devices and remove unrecognized ones
- ✅ Restrict or disable Alexa voice purchasing if you have an Echo
- ✅ Review Amazon Pay merchant connections
- ✅ Check apps connected via Sign In with Amazon
Recommended Tools
For storing the strong passwords you generate, we recommend NordPass (zero-knowledge encryption, excellent free tier) or 1Password for families who share accounts. Both generate strong passwords automatically and fill them in your browser so you're never tempted to reuse something memorable.
For 2FA, the Google Authenticator or Authy apps are free and take five minutes to set up. See our complete 2FA guide for a walkthrough of getting started with authenticator apps on any major account.
See our full security tools guide for more recommendations on protecting your online accounts.