Echo Control Binding - Config Problem - Login to /amazonechocontrol/ not possible

Hey guys,

I want to install and config the Echo Control Binding to be able to let my Echo Devices speak out the messages I also send me via telegramm for example in case someone used the door bell.

I installed the binding via paper UI and have created the a things file “alexa.things”

Bridge amazonechocontrol:account:account1 "Amazon Account" @ "Accounts"
{
Thing echo	echo1 "Alexa"@"Küche" 	[serialNumber="G090LFxxxxxxxxxxx"]
}

Now I go to the amazoncontrol side “http://192.xxx.xxx.xxx:8080/amazonechocontrol/” and come to the page were to enter my amazon account data. I enter the data and now there is comes a message that they have send me a approval link via sms. I received that, clicked link, page tells me that login was approved. In the meantime in the browerstab of “http://192.xxx.xxx.xxx:8080/amazonechocontrol/” I’m back to the page were to enter the login credentials. I enter them again. And everything starts from the beginning. SMS with link, clicking link, login approved… but tab is in loginform again.

I also tried using the amazonechocontrol url directly from my mobile device. Still the same only that I have to enter a security code in addition to username and password.

Any ideas how I can get out of this cycle?

Did you enable 2FA / two step verification for your amazon account as described here: https://www.amazon.com/gp/help/customer/display.html?nodeId=202073820 ?

No I did not and if possible I don’t want to use two step verification.
Thats why Im a little confused why I have to do it here.

May it be possible that it has something todo with the fact that it is a german account and it looks like this is all based on US? I saw that in older version of the binding it was possible to add the info which Amazon (in my case amazon.de) has to be used.

You need to enable 2FA / two step verification to get it working.
This is a security measure that was introduced by Amazon about two or three months ago.
I just provided the international insturctions. There is also a german page:
https://www.amazon.de/gp/help/customer/display.html?nodeId=GE6SLZ5J9GCNRW44

May I ask why you try to avoid 2FA ?

OK thanks. And looks like you’re absolute right. Acitvated 2FA and now it worked and Alexa is speaking my commands. Thanks a lot :slight_smile:

Regarding your questions about 2FA.
I use very save passwords and change them very regularly so I don’t want the annoying 2FA. I already feel safe.

So far I’ve never fallen into a phishing pitfalls - although there have been one or two cases where I was nearly trusting that the mail came from the sender it seems to be. But by not directly acting on it and taking the time to again check the content of the mail and mail header I realized that it was phishing.

In my job when I was working for an other department it was a must recommended by the BSI to secure accounts using 2FA hardware tokens.
See also some more info about 2FA from BSI ( in german ): https://www.bsi-fuer-buerger.de/BSIFB/DE/DigitaleGesellschaft/OnlineBanking/Zwei_Faktor_Authentisierung/Zwei-Faktor-Authentisierung_node.html

I know for some 2FA implementations there are frameworks available to online intercept the 2FA entered OTP see ( german ) https://www.heise.de/select/ix/2019/10/1916911165814422074

This might have been the reason why 2FA was introduced: https://www.psafe.com/en/blog/vulnerability-found-alexa-app/