Two-step authentication using a built-in authenticator

You can use a built-in authenticator that's compatible with the WebAuthn standard as a second factor for logging in to your account. Built-in authenticators are integrated into a device you use as an authenticator. For example, you might set up your device to use biometric data, such as a fingerprint sensor or facial recognition. Some examples of a built-in authenticator are Windows Hello, and Apple Touch ID or Face ID. Alternatively, you might set up your devices to use a password or a PIN. Whatever you use to log in to your device is what you use for this method of two-step authentication.

Built-in authenticators only work on a single device. If you don't want to rely on a mobile device for two-step authentication, then you can choose the built-in authenticator on your laptop or desktop. If you use a built-in authenticator as your primary authentication method to log in to your account, then you should add a backup authentication method that doesn't rely on the built-in authenticator. Adding a different backup authentication method than the built-in authenticator lets you to log in to your account on other devices.

Steps:

  1. From your Shopify admin, click your store name in the topbar.
  2. Click Manage account > Security.

  3. In the Two-step authentication section, click Turn on two-step.

  4. Enter your password, and then click Next.

  5. From the Authentication method list, select Built-in authenticator.

  6. Enter a name for your authentication device. If you use multiple authentication devices, ensure that you enter a name that is meaningful so that you can easily identify which authentication device is required. For example, iPhone PIN or Laptop fingerprint.

  7. Click Turn on.

  8. Follow the on-screen instructions for activating the authenticator.

  9. Save your recovery codes in case you lose access to your mobile device. Make sure that you store them in a safe location offline that you can access in multiple ways, such as from your mobile device, your desktop computer, and from a printed document.

Now when you try to log in, you require the built-in authenticator for two-step authentication for that device.

On this page

What to do next

Consider setting up at least one backup authentication method that doesn't rely on the built-in authenticator so that you can log in to your account from a different device.

Can’t find the answers you’re looking for? We’re here to help.