A few weeks ago I discovered a rather quirky and slightly disturbing fact about Amazon.com: they allow members to have multiple accounts under the same email address. Even a cursory internet search reveals that this strange system is one of the number one causes of confusion for Amazon customers.
One customer logged into his account and discovered that the Kindle he ordered was gone from his account, yet a check of his bank account showed that the money was indeed gone. It turned out to be a case of multiple accounts.
Another customer discovered that he had two accounts when he logged in and noticed that his purchase history was many years old.
Interesting questions arise when the multiple passwords on one email address situation is thought out. For example, what happens if I have two accounts with the same email address and I attempt to change the password on one account so that it matches the password on another account?
At the risk of destroying my Amazon.com account I decided to try it out. This is the message that Amazon.com gave me:
So fortunately Amazon.com does not allow you to mess up your account in this way. However, it does lead to another interesting question: Since Amazon.com does not require email verification of new accounts would it be possible to gain access to someone else's account by creating an account with their email address and then guessing passwords until you saw the "Important Message" which indicates that you have correctly guessed their password?
This explains why Amazon.com requires an image verification for changing the password. If they didn't someone could easily set up a bot which could retrieve the password of any account on Amazon with little trouble. However, it does mean that an Amazon.com account is only as secure as the image verification feature and the concealed nature of your email address. With regard to the image verification, I wonder how long it will be before computers are able to read simple image verifications like this:
What Amazon should really do is get rid of this strange account technique, if for no other reason than that it is inconvenient and confusing for many customers.
The only reason why Amazon.com implemented this feature in the first place was so that they could allow family members to have multiple accounts on the same email address. But this was during the early days of the internet when email addresses were expensive. Now a free email account is easy to come by.
There is no longer any need for Amazon users to have multiple accounts on the same email address.