Two-step authentication using a security key

You can use a security key that's compatible with the WebAuthn standard as a second factor for logging in to your account. To enable two-step authentication with a security key, you need a compatible browser and a compatible security key. After you enroll a new security key on your account, you are prompted to activate the security key whenever you log in.

To avoid being locked out of your account, you can enroll multiple security keys and multiple two-step authentication methods.

The following browsers are compatible with security keys:

• Google Chrome for desktop version 67 and above
• Mozilla Firefox for desktop version 60 and above
• Google Chrome for Android version 73 and above
• Mozilla Firefox for Android version 66 and above
• Microsoft Edge version 18 and above
• Opera version 54 and above
• Safari Technology Preview 83 or later
• Brave for iOS version 1.11.3 and above

Recommended device manufacturers include the following:

• Yubico
• Feitian
• SoloKeys
• Touch ID on iOS devices

Steps

1. From your Shopify admin, click your username and account picture.

2. Click Manage account > Security.

3. In the Two-step authentication section, click Turn on two-step.

4. Enter your password, and then click Next.

5. From the Authentication method list, select Security key.

6. Enter a name for your security key, and then click Turn on.

7. Click USB security key.

8. Activate your security key. You are provided with a list of 10 recovery codes.

9. Save your recovery codes in case you lose access to your mobile device. Make sure that you store them in a safe location offline that you can access in multiple ways, such as from your mobile device, your desktop computer, and from a printed document.

Now when you try to log in, your security key needs to be connected to your device for two-step authentication.