Account security

Connecting your computer or mobile device to a network includes a degree of risk. No matter the size of your business, criminals might target you and your information.

Phishing, vishing, or smishing attacks have the goal of obtaining your information and login credentials. These types of attacks can appear legitimate and from reputable sources. Be cautious when clicking suspicious links or downloading attachments from emails, SMS messages, or websites. When speaking over the phone, be cautious giving sensitive information, especially if they called you. Shopify Support will request submission of sensitive documents only through a secure upload page that starts with or

For optimal account security, the store owner shouldn't share their login credentials with anyone, including their staff. A store owner's credentials should be kept secure and confidential at all times. This is the responsibility of the user which is stated in the Terms Of Service, Section 1.5.. Each user accessing the store should have a unique staff account with specific permissions.

If you believe someone has accessed your account without your permission, then take steps to secure your data immediately.

Security features, like passkeys and two-step authentication, add an additional layer of security to make it more difficult for an unauthorized person to access your account. This extra layer of security can reduce the likelihood of account takeovers that can result in data breaches and financial losses.

In this section

Can't find answers you're looking for? We're here to help you.