Amazon Forces Password Reset on Some Users

Amazon has decided to force a password reset on a number of users after fears that access credentials may have ended up in the wrong hands, according to a report.

Multiple and customers told ZDNet they had been sent an email and a notification on their Message Center accounts informing them of the move.

The online giant apparently claimed it had “no reason” to believe passwords were exposed but was forcing the reset due to an “abundance of caution.”

The email sent to customers apparently informed them that their Amazon password “may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party.”

Although two-factor authentication was switched on for customers last week, UK users have yet to be given the option.

Amazon had yet to respond officially to the news at the time of writing.

Keith Graham, CTO of SecureAuth, argued that the reset was “yet another nail in the coffin” for firms that rely on passwords.

“Organizations must strengthen their defenses against cyber adversaries by employing cutting edge adaptive authentication," he added.

"By layering multiple methods such as, device recognition, analysis of the physical location of the user, or even by using behavioral biometrics to continually verify the true identity of the end user, not only will the customer maintain a simple user experience, it also makes stolen credentials ineffective."

But some security experts welcomed Amazon’s caution.

Webroot senior threat research manager, David Kennerley, argued that the move showed the web giant was “going above and beyond” what is required to keep customer accounts safe.

“In general, best practice is to change your password around every three months, using different passwords for the different sites visited, but very few people actually do this, leaving their account at risk,” he added.

“Although it might prove unpopular at first amongst some Amazon customers, the initiative will only improve security.”

Photo © Alexander Supertramp

What’s Hot on Infosecurity Magazine?