Account security

Connecting your computer or mobile device to a network includes a degree of risk. No matter the size of your business, criminals might target you and your information.

Caution

If you believe someone has accessed your account without your permission, then take steps to secure your data immediately.

Generate unique passwords with a password vault

Caution

Each of your passwords should be unique. Don't use the same password for more than one account, even if the accounts are related.

Many people use the same password for more than one account. Often they pair it with the same username or email address. Without unique passwords, if a username/password pair is exposed, then an attacker might gain access to another account that uses those credentials.

Using password vault software is a great way to generate and manage your passwords. When you use a password vault, you need to remember only the master key to the vault, and your other passwords can be autogenerated jumbles of letters, numbers, and symbols. Some password vaults we recommend are LastPass, Dashlane, and 1Password.

Defend against phishing

Phishing attacks try to fool you into installing malicious software on your device or giving up sensitive information. Learn how to protect yourself.

Turn on two-step authentication

You can enable two-step authentication for your Shopify account to reduce the likelihood that someone who has acquired your password will be able to cause any damage. Your staff members can set up two-step authentication for their accounts as well.

It's a good idea to use two-step authentication on your other accounts whenever possible. Major services that support two-step authentication include:

Secure a compromised account

If your account has been compromised, then take steps to protect your data right away:

  1. Log in to the email account that you use to log in to Shopify and change the password.
  2. Log in to Shopify and change the password for your Shopify account. If you can't log in, then reset your password. If you don't receive a password reset email, then contact Shopify Support.
  3. Enable two-step authentication for extra security at login. If two-step authentication is already configured and an attacker was able to defeat it — for example, they stole your device — then change your device and set up two-step authentication again.
  4. Check your banking details for Shopify Payments and update if necessary.
  5. Check and update your banking details for PayPal and any other payment gateways you have configured.
  6. Review your general account settings to make sure all other information is correct.

Reset blacklisted credentials

Because many people use the same password for more than one account and pair it with the same username or email address, if a username/password pair is exposed, then an attacker might gain access to other accounts that use the same credentials.

In order to reduce the risk of this happening to you, we obtain and analyze information from public data leaks. If your credentials are found in any of these leaks, then we lock your account. When you try to log in, you will see an error message until you reset your password to one that has not been compromised.

We also recommend the use of two-step authentication and password vault software to make all of your accounts as secure as possible.
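The leak check described in this section, sketched as an added example. This is not Shopify's code: the class, function names, and key are hypothetical, the leaked pairs are constructed sample data, and matching on the email/password pair is an assumption.

```python
import hashlib
import hmac
import os

INDEX_KEY = b"constructed-demo-key"  # hypothetical server-side secret
# Constructed sample of email/password pairs from a public leak.
LEAKED_PAIRS = [("alice@example.com", "Summer2019!"), ("bob@example.com", "hunter2")]

def fingerprint(email, password):
    """Keyed digest of the normalised pair, so the index stores no plaintext."""
    msg = email.strip().lower().encode() + b"\x00" + password.encode()
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).digest()

LEAK_INDEX = {fingerprint(e, p) for e, p in LEAKED_PAIRS}

def is_leaked(email, password):
    return fingerprint(email, password) in LEAK_INDEX

class Account:
    def __init__(self, email, password):
        self.email = email
        self.locked = is_leaked(email, password)  # lock as soon as a leak matches
        self._set_password(password)

    def _set_password(self, password):
        self._salt = os.urandom(16)
        self._hash = self._derive(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password):
        if not hmac.compare_digest(self._derive(password), self._hash):
            return "invalid credentials"
        if self.locked or is_leaked(self.email, password):
            self.locked = True
            return "locked: reset your password"
        return "ok"

    def reset_password(self, new_password):
        if is_leaked(self.email, new_password):
            return False  # the new password must not be a compromised one
        self._set_password(new_password)
        self.locked = False
        return True
```

The account stays locked across logins until the reset succeeds, and a reset to the same leaked password is refused.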
