Alexa’s new calling feature means it’s really time to set up two-factor authentication
If you don’t already have two-factor authentication turned on for your Amazon account, now is as good a time as any. At a recent summit held by the SANS Institute, a private information security and cybersecurity company, it was noted that because the Alexa app does not require 2FA, accounts can be accessed by anyone who has access to an individual’s Amazon credentials.
Brian Moran of digital forensics company BriMor Labs discovered the issue while testing the app on multiple devices. As he found, the first sign-in by a user on a mobile device requires a PIN delivered by SMS to verify the user, but this is the only time 2FA is required.
This means, as detailed in the SANS presentation, if you have access to Amazon credentials, you could…