I buy a lot from Amazon so my ID / location has been established for years. I also use 2FA.
After installing SurfShark [which auto connects], I tried to log into Amazon. The 2FA failed about 15 times [no kidding]. Msg said there was a login error, and I used different methods to get the one-time code. Zilch. I got the 6-digit code but none worked.
Then got warning emails from Amazon that someone in Michigan was logging into my account [or trying to]. Link sent me to change password.
Recalling the VPN, I disconnected it and proceeded with changing password.
Logged into Amazon and the 2FA code worked. No strange activity on my Amazon account.
#1 Did my VPN route me via Michigan, and Amazon, knowing my true location, refuse to accept my 2FA?
#2 It’s some bizarre coincidence and VPN has no relationship to logins?
When my blood pressure comes back down, I’ll reconnect VPN and try again, just to see, but wonder if this strange event is common with VPNs?
I cannot log into the ServiceNow account of one of my customers if I engage their VPN. Counterintuitive much. Sounds similar.
I asked SurfShark, and as usual, they replied with meaningless boilerplate, suggesting I read their FAQs.
Connect VPN, 2FA fails [on Amazon]
Disconnect VPN, 2FA works [on Amazon]
However, VPN on, 2FA works on both my banks…so it’s iffy.
I believe that your bank’s system has a record of your IP address and will only accept your login when the IP address matches their records.
Of course the VPN disguises your IP and that results in the rejection.
I have been rejected from certain sites when using a VPN.
That’s my confusion. The VPN alters my IP addy, so Amazon won’t accept the 2FA. But B/A and Citi both did accept it. Odd.
More: tried logging in to another user forum, got this:
"If you’re using a VPN, try turning off the VPN. Many people find that just switching off the VPN will get them through. "
My 2FA failed once while using a VPN. But has worked fine while using it several times since then.
Maybe your banks are using a higher-level IP address and the ones that don’t work are using a machine-level IP address. Or… could the banks be using cookies?