Account security

Connecting your computer or mobile device to a network includes a degree of risk. No matter the size of your business, criminals might target you and your information.

You can protect yourself against remote attempts to access your account and steal your data:

Generate unique passwords with a password vault


Each of your passwords should be unique. Don't use the same password for more than one account, even if the accounts are related.

Many people use the same password for more than one account. Often they pair it with the same username or email address. Without unique passwords, if a username/password pair is exposed, then an attacker might gain access to another account that uses those credentials.

Using password vault software is a great way to generate and manage your passwords. When you use a password vault, you need to remember only the master key to the vault, and your other passwords can be autogenerated jumbles of letters, numbers, and symbols. Some password vaults we recommend are LastPass, Dashlane, and 1password.

Defend against phishing

Phishing attacks try to fool you into installing malicious software on your device or giving up sensitive information. Learn how to protect yourself.

Turn on two-step authentication

You can enable two-step authentication for your Shopify account to reduce the likelihood that someone who has acquired your password will be able to cause any damage. Your staff members can set up two-step authentication for their accounts as well.

It's a good idea to use two-step authentication on your other accounts whenever possible. Major services that support two-step authentication include:

Want to discuss this page?

Visit the Shopify Community

Ready to start selling online with Shopify?

Try it free