Securing your account with two-step authentication
Two-step authentication (also known as two-factor authentication or multifactor authentication) makes the login process more secure by adding extra protection in case anyone other than you attempts to log in to your Shopify admin using your account. When you attempt to log in, you need to complete two separate steps:
- Enter your account credentials, which are your email address and your password.
- Authenticate your attempt to log in using a mobile device or a security key.
Two-step authentication makes it much more difficult for an unauthorized person to access your account. Even if someone else learns your password, they won't be able to log in without the second step.
Secure two-step authentication relies on combining two factors, which can be something you know (such as your email address and password combination), something you have (such as a one-time use code that is provided by an authentication app or through SMS text, or a security key), or something you are (biometric authentication, such as a fingerprint).
For example, when you make a cash withdrawal at the bank, you need something you have (your debit card) and something you know (your PIN). Two-step authentication is similar, but you also need to use an authentication method, such as a one-time use code, every time that you log in to your Shopify account. In the case of a one-time use code, the code expires after it's used and it can't be used again.
Two-step authentication can be set up for all staff accounts, but the store owner can't activate it for staff. Staff members need to set up two-step authentication for their own accounts.