eBay, PayPal, Google, Microsoft, Facebook, and more, all support multi-factor authentication. This allows the use of a password and another security protocol such as a token or text message to generate a pin.
When Amazon was contacted about this omission via chat, they did mention how security was utmost important. However, they had difficulty grasping the concept of multi-factor protection and initially focused only on their helping against unexpected credit card charges.
While multi-factor isn't everything, such as a site being vulnerable against direct attacks, it can reduce the surface significantly at the account level for those that enable such protections. What was most surprising was there was no expectation of adding multi-factor authentication in the near future. Bummer for us. While the convenience of of keeping a credit card on file is nice for purchasing, especially via a mobile device, considering abandoning this practice until they increase their security.
Interestingly enough, other Amazon Services (e.g. AWS) has multi-factor authentication.
What to know more about multi-factor authentication for the normal person, check out this article.