Two-step authentication for users
You can add extra security to your store by requiring staff members to use two-step authentication when they log in. If you don't require two-step authentication, users can still set up two-step authentication on their own in their Shopify accounts.
You can set either of the following options:
- Two-step authentication is required: This setting requires the user to use two-step authentication to log in.
- Two-step authentication is not required: This user can choose to use two-step authentication.
Only eligible users can access two-step authentication settings.
By default, required two-step authentication is recommended for new users. In this case, users are prompted to set up two-step authentication when they log in. You have the option to deactivate two-step authentication when you add staff.
You can also change two-step authentication so that it isn't required for an existing user. Changing the two-step authentication setting from not required
to required
logs the user out of Shopify. Before changing a users authentication requirements, verify that they aren't in the middle of a task.
After you remove the two-step authentication requirement for existing users, their authentication settings aren't updated automatically. In this case, the user needs to change the security settings for their own account. Until the userdeactivates two-step authentication in their own security settings, they're still prompted to complete the two-step authentication setup for any store where they have a user account, whether or not the store is in your organization.
On this page
Change two-step authentication settings
From your Shopify admin, go to Settings > Users.
Click the name of the user that you want to change the security settings of.
In the Two-step authentication section, select whether two-step authentication is required or not when the user logs in through a browser.
Click Save.