Amazon

Is anyone having problems signing on to Amazon using a verification code.
I cannot sing in as the code they give was not accepted.
Hope this is the right forum for my post

Works for me

Works for me.

Are you sure its not a fake site you are entering it in?

A lot of those fake sites look legit but they are not, they get you to entering your details and then stop there on the site, by that time they have your details and if this is the case here you will have to go to the correct site and change your password ets.

I get loads of those fake emails everyday or so stating they are from Amazon and several other sites even though they are not from them.

I just ignore those emails etc.

Plus I have separate customized mail inboxes for everything, which helps a lot too.

Paul

In reply to a post by acer:

Is anyone having problems signing on to Amazon using a verification code.

What code would that be?

Amazon usually needs a username and password.

I assumed its the 2FA code

In reply to a post by BatBoy:

I assumed its the 2FA code

Either way, that also works fine for me.

I just added the 2FA (PRI SMS, SEC Authenticator) both worked fine for me.

Paul

I haven't had a problem. If you're using a mobile phone app to generate your second factor code, check that the time on your mobile phone is correct.

Along with that, could USA timezones be a factor if the OP is on amazon.com rathervthan .co.uk? That should be automatically sorted, but I wonder if it is.

In reply to a post by RobertoS:

Along with that, could USA timezones be a factor if the OP is on amazon.com rathervthan .co.uk? That should be automatically sorted, but I wonder if it is.

Well the SMS code should still be fine no matter what time zone you are in, due to its them generating the code their end and just sending it to the user.

The Authenticator might be an issue, just took a very quick look at the code that we use along with the Google Authenticator or Windows / Microsoft Authenticator and all its doing is hashing a time stamp, so you would think there would be an issue in other time zones because I cannot see any time zone setting anywhere in the code.

Paul

TOTP 2FA implementations must be timezone neutral. From RFC 6238;

In reference to tools.ietf.org/html/rfc6238:

R1: The prover (e.g., token, soft token) and verifier (authentication
or validation server) MUST know or be able to derive the current
Unix time (i.e., the number of seconds elapsed since midnight UTC
of January 1, 1970) for OTP generation.

The fact a server is in the USA and the user trying to authenticate is in a different timezone is irrelevant.

I should state that my favourite RFC is obviously RFC 2324 with RFC 7168 a close second

Edited by caffn8me (Thu 29-Jun-17 00:25:01)

In reply to a post by caffn8me:

TOTP 2FA implementations must be timezone neutral. From RFC 6238;

In reference to tools.ietf.org/html/rfc6238:

R1: The prover (e.g., token, soft token) and verifier (authentication
or validation server) MUST know or be able to derive the current
Unix time (i.e., the number of seconds elapsed since midnight UTC
of January 1, 1970) for OTP generation.

The fact a server is in the USA and the user trying to authenticate is in a different timezone is irrelevant.

I should state that my favourite RFC is obviously RFC 2324 with RFC 7168 a close second

That's probably why my code doesn't do any time zone stuff, been a while since I have looked at it.

As for the RFC Docs, I can see why, RFC 2324 has matured more than RFC 7168 .

Paul

Many thanks for all ideas I received.I tried many times to contact amazon but no reply.I then turned to my Great Niece who resolved the problem in a flash.

It might be useful for someone else in the future if you tell us what the solution was .

Everyone reading this thread would remember.

And don't worry if it is simple and obvious. The "next person" could be doing exactly the same.

Edited by RobertoS (Sat 08-Jul-17 12:42:13)

In reply to a post by RobertoS:

It might be useful for someone else in the future if you tell us what the solution was .

Everyone reading this thread would remember.

And don't worry if it is simple and obvious. The "next person" could be doing exactly the same.

It could probably be down to Amazon emailing a code and it being greylisted and then requested another x mins later and then receiving the first code which would be invalid.

Or it might be the authenticator app and the OP being too slow to enter the code in and it changed to a new code while the OP was entering the code that they saw which would now be invalid.

If the second one was the case, its always best to wait for the code to change and then enter in the new code, you have about 30 seconds to enter that in.

But without the OP telling us the solution they took we are all just guessing here.

Paul