Customer help > Privacy and security

Password security

When you sign in to your account, we take precautions to protect your account. First, whenever you sign in to your Amazon account, you sign in using a secure server connection (https://). We use Transport Security Layer (TLS)/Secure Socket Layer (SSL), the industry standard in secure server protection.

Your account is also protected by a unique password that you create. Remember these guidelines when creating your password:

  • Avoid passwords containing your user's real name or username
  • Use passwords with minimum length of 6 characters.
  • Use passwords with a minimum of three of the following mix of character types: uppercase, lowercase, numbers, non-alphanumeric symbols (for example , ! @ # $ % ^ & * < > -).
  • Avoid passwords consisting solely of a word with slight modifications.
  • Avoid usage of modifications or increments of a recent password for the account.
  • Avoid using common words or phrases as your password.
  • We also recommend that you keep this password confidential. Sharing your password can compromise the security of your Amazon account.
  • Passwords should be changed frequently (at least every 90 days).

Secure your account with two-step verification

We recommend that you add another level of security to your account by setting up two-step verification, also known as multi-factor authentication (MFA). When you turn on two-step verification, each time you sign in to Amazon with your password, we'll send to your mobile phone a security code that you also need to enter before you can access your account. This means that if your password is compromised, no one can use your password alone to go into your account.

Turn on two-step verification

Watch video on YouTube showing how to set up two-step verification for your Amazon account.

  1. Sign in to, click Account & Lists, and then click Your Account.
  2. On your Amazon account page, click Login & security, and then for Advanced Security Settings click Edit.
  3. On the Advanced Security Settings page, click Get Started.
  4. Choose how you want to receive verification codes:
    • By text message on your mobile phone: Enter your full primary mobile phone number (which must be able to receive SMS messages), and then click Send code.
    • By automated voice call: Enter your full primary phone number, and then click Call me now.
    • By using an authenticator app on your mobile phone: Click Add the new Authenticator App, open the authenticator app on your phone (or download one from the App Store), add an account within the app, and then scan the barcode shown.
  5. Enter the code that was sent to your phone number or generated through the authenticator app, and then click Verify code and continue.
  6. To make sure that you have a back-up option for receiving a security code if you no longer have access to your primary phone, you cannot turn on two-step verification without adding a back-up phone number. Add a backup verification method by doing either of the following:
    • Add a phone number and choose the delivery format (text message or voice call).
    • Download and configure an authenticator app. This lets you generate security codes when you can't receive messages on your device.
  7. Enter the code that was sent to your phone number or generated through the authenticator app, and then click Verify code and continue.
  8. On the Almost done… page, choose whether you want to enter verification codes on the device you're using, and then click Got it. Turn on Two-Step Verification.

For help recovering access to an account that has been secured with two-step verification, see Two-step verification account recovery.

See also