My Love/Hate Relationship with Amazon.com and a serious flaw in their service

I love Amazon.com.  I love their selection.  I love their prices.  I love their return policies.  I love my Prime membership.  I love their delivery options and prices and speed.

But, Amazon.com has a nasty, horrible flaw.   And it’s horrible on multiple levels.  Let me explain the flaw and then how it’s exacerbated by them:

The Technical Flaw

For the past week or so, I’ve been having trouble logging into my Amazon.com account.   It started with an e-mail message I got that looks exactly like a phishing email message… you know the kind… That warns you that someone might have been messing with your account so they had to lock your account and that you need to click this link in the email to log in to “verify” your account?

Yeah, that’s what I got.  But all the links in the e-mail went to the actual Amazon.com site, which was unusual, because everything else about the e-mail threw up ALL the red flags of a phishing scam, so I simply ignored it.  But, no less than a day later, I started having trouble logging in.  I KNOW my login credentials I was using were correct because they’re stored in LastPass and LastPass is the one that enters them into the form.  Also, the Amazon app on my phone suddenly couldn’t log in either.

So, I went through the “I forgot my password” routine, had some e-mail sent to me with a link to change my password.  I changed it, but I STILL couldn’t log in.  I changed it again and I STILL couldn’t log in.  I changed it again and I STILL couldn’t log in.  I tried the latest, newest PW on my phone and I STILL couldn’t log in.  I tried it from Chrome, from Firefox, from the app on the phone, from Chrome Beta on the phone… all with the same failure.

I called tech support and after an hour and 14 minutes, talking to 2 agents, I was able to confirm (well, I was able to prove to them) that the problem was indeed on their end.

The problem is the CAPTCHA image they’re displaying in my browser for me to read and type in the letters is a DIFFERENT captcha than what their server thinks it sent me.  For example, if the image they send has the text VRB7TC in it, their server THINKS it sent me an image with KFB98RX in it, so when I type the right text, it still thinks it’s wrong.  But, somewhere between 2 to 7 tries, it eventually gets it right.  But if I log out and back in again, I go through the same nightmare.
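The post does not establish what causes the mismatch on Amazon's side. As an added illustration (not code from this post or from Amazon), the sketch below shows one hypothetical server design that produces exactly this symptom, a single expected answer per session that any later challenge overwrites, beside a design that binds each answer to its own challenge id. The class names and the session id are invented for the example; the two CAPTCHA strings are the ones quoted above.

```python
import hmac
import secrets


class SessionSlotCaptcha:
    """Fragile: one expected answer per session, overwritten on every issue."""

    def __init__(self):
        self._expected = {}  # session_id -> answer

    def issue(self, session_id, answer):
        self._expected[session_id] = answer
        return answer  # text that would be rendered into the image

    def verify(self, session_id, typed):
        expected = self._expected.pop(session_id, None)
        return expected is not None and hmac.compare_digest(
            expected.encode(), typed.encode())


class ChallengeBoundCaptcha:
    """Each image carries a challenge id; the answer is looked up by that id."""

    def __init__(self):
        self._expected = {}  # (session_id, challenge_id) -> answer

    def issue(self, session_id, answer):
        challenge_id = secrets.token_urlsafe(16)
        self._expected[(session_id, challenge_id)] = answer
        return challenge_id, answer

    def verify(self, session_id, challenge_id, typed):
        # pop() makes every challenge single-use, so a solved image cannot be replayed
        expected = self._expected.pop((session_id, challenge_id), None)
        return expected is not None and hmac.compare_digest(
            expected.encode(), typed.encode())


def demo():
    # Constructed scenario: the user sees image A, then a second challenge is
    # issued for the same session (a retry, a prefetch, another tab) before submit.
    fragile = SessionSlotCaptcha()
    shown = fragile.issue("sess-1", "VRB7TC")      # what the user sees
    fragile.issue("sess-1", "KFB98RX")             # overwrites the session slot
    fragile_ok = fragile.verify("sess-1", shown)   # correct typing is rejected

    bound = ChallengeBoundCaptcha()
    cid_a, shown_a = bound.issue("sess-1", "VRB7TC")
    bound.issue("sess-1", "KFB98RX")               # does not disturb challenge A
    bound_ok = bound.verify("sess-1", cid_a, shown_a)
    replay_ok = bound.verify("sess-1", cid_a, shown_a)
    return fragile_ok, bound_ok, replay_ok
```
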

How do I know it’s a CAPTCHA problem on their end?

Two reasons:

  1. While on tech support, the agent read to me the CAPTCHA text that their server said it sent me.  It was NOTHING like the captcha text on my screen.
  2. The agent finally admitted this is a problem they know about.

They actually willfully make this problem worse

  1. They wasted my time and they wasted two of their agents’ time by willfully lying to me, giving me the following lies:
    1. It’s my fault for logging in and out so often, causing my account to get locked out (BTW, it was never locked out)
    2. I need to upgrade my browser (I have the latest version of Chrome and Firefox on Linux and Chrome Beta on Android AND their own app on Android (also latest version) failed too).
    3. Told me I need to clear my cache.
    4. Told me it’s because of cookies that I need to delete.
    5. Telling me (I’m a web developer, just so you know) that even though I’m typing in the right password, my browser is sending the wrong one.  (This gets 7 out of 4 Pinocchios… Yes, you read that right).  Yes, I educated them on how this works.
  2. Not admitting early on that this is a known problem.

It gets worse!

After I berated the second level agent that all of his excuses were bullshit and explained in precise detail WHY they were, he finally admitted that this is a KNOWN PROBLEM!  This is AFTER he said he opened a ticket for me.

A KNOWN PROBLEM???  WTF didn’t he tell me that at 1 minute into the call?  Why drag me along for over an hour?

I asked when I should expect it to work for me.  He responded with gibberish and no answer.

I asked again, “When will this be fixed for me”.  He reordered the words of his gibberish with no answer.

I asked a third time, “But when will this be fixed for me?”.  Again, gibberish.

I asked a fourth time, “When will this get fixed for me?”.  This time he said, “Soon.  They’re actively working on it”.

My next obvious question was, “WHEN?”.  Him:  “Soon”.

Me:  “How long have you known about this problem?”

Him:  “Well, it was caused by security updates in your browser”.

Me:  “How long have you known about this problem?”

Him:  “It’s when the browsers made a security change that caused this to start happening.”

Me:  “How long ago did this start?  I’m concerned that you’re not giving this the attention it needs.”

Him:  “We found out about it in October 2014”

Me:  “WHAT?!?!?!  You’ve known about this for SIX MONTHS?!?!?!?  And it’s STILL not fixed?  This is UNACCEPTABLE for a company as big as Amazon.  This is CRITICAL and you should have had programmers working on it as a priority one and should have had it fixed on DAY ONE!  This is the CORE of your business!  If we can’t log in, we can’t buy anything!”

The call ended politely and he acknowledged that it was not a good situation, but I was left with ZERO resolution.  Nothing changed.  It’s still broken, and they’re not really going to do anything about it.

THAT’S what’s so insane and inexcusable about it.

Before you shout, “BUT IT WORKS JUST FINE FOR ME!”, let’s make perfectly clear, this is not a global problem.  It happens on some accounts.  Unfortunately, mine is one of them, and they have no idea why and don’t appear to be doing anything about it.

The Silver Lining and tiny shred of hope

The agent told me they are beta testing 2 factor authentication (though the agent didn’t know that’s what it’s called and kept calling it “a way for you to enter a code when logging in”).  After interrogating him, I was able to determine it is actually 2-factor authentication.

He showed me where, on the website, to activate it, but sadly, it was not available to me.  I asked him to add me to the beta.  He said he can’t and that it is just rolling out to random people over a period of time.

If you’re interested, this is where you can find it:

  1. Go to your Account page.
  2. Scroll down to Settings.
  3. Underneath “Forgot your password” and above “1-Click Settings”, there will be a new item.  I don’t know the text, but it will be something like “2 factor authentication”.

 


If you don’t see it, that means you haven’t been given the roll out of the newer version of their website, and no, you cannot call up and ask to be put on it.  Trust me, I tried.  They can’t do it.

I find it amazing that Amazon could let such a serious flaw go on for half a year (so far).  This is the kind of bug you give top priority to and put programmers on it until it is completely resolved.


Check back later for updates too!