I spent three days on emailing and calling Amazon UK, to be able to get into my account.<p>I have 2 phone numbers registered in the account, and none of them recieved the text messages that had the security code!<p>Amazon support was funny, it took me sometime to see clearly that they are just sending me different message templates. It was a loop:<p>1. I sent them an email.
2. They asked me to call.
3. I called and they sent me the security code to my phone, which I still didn't recieve.
4. They asked me to send an email.
5. They replied with: please call us!<p>I'll always install an authenticator app instead of relying on text messages from now on.
For the record, phone numbers and SMS are a security vulnerability. Current recommended best practice once a U2F token and authentiator app are setup is to remove the phone number from the account (which may not be an option for many services).<p><a href="https://techsolidarity.org/resources/security_key_faq.htm" rel="nofollow">https://techsolidarity.org/resources/security_key_faq.htm</a><p><i>there are at least three reasons why you should avoid using text messages for two-factor authentication.<p>· Your phone number can be easily hijacked by someone who calls the phone company and pretends to be you.<p>· The text message can be viewed or redirected while en route to your phone.<p>· Many phones are configured to display text messages on the lock screen.<p>If text messages are the only way to add two-factor authentication to your account, they are better than nothing. But if you can use an alternative method, like an authenticator app or a security key, use that instead.</i><p><a href="https://news.ycombinator.com/item?id=14106578" rel="nofollow">https://news.ycombinator.com/item?id=14106578</a><p>> tptacek: <i>The real answer for "why not SMS" is "because both teenagers and intelligence services can get a phone number redirected; your phone number is not your phone."</i>
Recently I faced same issue with SMS for my Digital Ocean account. Fortunately I have my backup code to restore an account. Finally I moved to authenticator based code. By the way, Digital Ocean support is much more better than Amazon.