diff --git a/modules/amazon/browser.py b/modules/amazon/browser.py
index fc87804b97e6472e7e73cb2412cb5928d7f12825..a48bfa368aa19cacacb3d01c255385c77bf97dae 100644
--- a/modules/amazon/browser.py
+++ b/modules/amazon/browser.py
@@ -21,7 +21,9 @@
 from datetime import date
 
 from weboob.browser import LoginBrowser, URL, need_login, StatesMixin
-from weboob.exceptions import BrowserIncorrectPassword, BrowserUnavailable, ImageCaptchaQuestion, BrowserQuestion
+from weboob.exceptions import (
+    BrowserIncorrectPassword, BrowserUnavailable, ImageCaptchaQuestion, BrowserQuestion, ActionNeeded
+)
 from weboob.tools.value import Value
 from weboob.browser.browsers import ClientError
 
@@ -85,6 +87,11 @@ def push_security_otp(self, pin_code):
             self.location('/ap/signin', data=res_form, headers=self.otp_headers)
 
     def handle_security(self):
+        otp_type = self.page.get_otp_type()
+        if otp_type == '/ap/signin':
+            # this otp will be always present until user deactivate it
+            raise ActionNeeded('You have enabled otp in your options, please deactivate it before synchronize')
+
         if self.page.doc.xpath('//span[@class="a-button-text"]'):
             self.page.send_code()
 
diff --git a/modules/amazon/pages.py b/modules/amazon/pages.py
index 211b6287b2f177eb70b24b931f598a9ff639f6ea..2034e4572cb46f0f213e13c7ea7b56e03bc0dc75 100644
--- a/modules/amazon/pages.py
+++ b/modules/amazon/pages.py
@@ -45,9 +45,20 @@ def get_sub_link(self):
 
 
 class SecurityPage(HTMLPage):
+    def get_otp_type(self):
+        # amazon send us otp in two cases:
+        # - if it's the first time we connect to this account for an ip => manage it normally
+        # - if user has activated otp in his options => raise ActionNeeded, an ask user to deactivate it
+        form = self.get_form(xpath='//form[.//h1]')
+        url = form.url.replace(self.browser.BASEURL, '')
+
+        # verify: this otp is sent by amazon when we connect to the account for the first time from a new ip or computer
+        # /ap/signin: this otp is a user activated otp which is always present
+        assert url in ('verify', '/ap/signin'), url
+        return url
+
     def get_otp_message(self):
-        message = self.doc.xpath('//div[@class="a-box-inner"]/p')
-        return message[0] if message else None
+        return CleanText('//div[@class="a-box-inner"]/p')(self.doc)
 
     def send_code(self):
         form = self.get_form()