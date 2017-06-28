Amazon Needs to Add Two-Factor Authentication to Alexa

Two-factor authentication (commonly referred to as 2FA) is a big deal these days. Most services already have it in place, as it’s an easy way to keep user accounts safe and secure, even when the user’s password gets shared with someone else. However, Alexa does not have two-factor authentication yet, but it needs it. Especially now that you can make phone calls. The SANS Institute recently held a summit, where it was made known that users that have shared their Amazon credentials with someone else, open themselves up for some relatively easy hacking. It’s quite common for people to share Amazon credentials, especially for Amazon Prime. And with this new feature for Alexa, it means a user could make a call pretending to be someone else. Not to mention receiving calls and messages that were meant for someone else.

While this isn’t really hacking, like you’d normally hear, it is still a bit scary. Imagine getting a call from your significant other through Alexa, only for someone else to pick it up. This is why two-factor authentication is needed. Then users would need more than just a password. They would need to have access to the phone that is connected to their account. Since two-factor authentication will send a code to that number for the user to verify that it is who they say they are. Now, the phone calls and text messages is really just one example of why Alexa needs two-factor authentication. But it’s definitely an example that hits close to home for many people.

No matter the service or the product, everyone should have two-factor authentication enabled. Especially with the rate that passwords and usernames are getting hacked and leaked out to the public. Two-factor authentication will provide another line of defense against those trying to hack their way into your account. Google forces everyone to use two-factor authentication, and it’s something other companies need to follow through with as well. Many banking apps have two-factor authentication on by default, forcing you to go to your phone or email address for a verification code – which is only valid for a set amount of time. It may not be the most convenient, but it does keep everything safe and sound.