The Nuts and Bolts of Two-Step Authentication in Shopify


In this blog post, we go back to our ‘nuts and bolts’ discussion of Shopify. This time, we will talk about something known as two-step authentication, a process used to protect websites from unauthorized access. Two-step authentication is now employed by some of the biggest names online, including Amazon and Facebook.

Two-step authentication is a means of correctly identifying account owners and users trying to log in to secure websites. Think of it in the same sense as a government official who might need both a physical ID card and a matching fingerprint in order to gain access to a secure building. Online two-step authentication is the same kind of thing.

Two-Step Authentication in Shopify

Shopify has built-in two-step authentication capabilities that can be activated rather simply. When active, all account holders subject to two-step authentication will be required to enter two pieces of information before they can log in to their accounts. They will need their password as well as an individualized authorization code generated prior to each login. The codes can be delivered via text message or an authenticator app on a mobile device.

Enabling two-step authentication with text messaging is easy. From within the Shopify admin panel, navigate to Settings > Account. Then click on the name of the account holder you want to activate; most Shopify users will start with themselves. After clicking on your name, scroll down to the two-step authentication box and click the button at the bottom to enable it. Enter your account password. From there, you will choose one of two options for receiving login codes:

  • SMS text message
  • Authenticator app.

Choose ‘SMS Delivery’, click ‘Next’, enter your mobile phone number, and click ‘Send Code’. Within seconds, you should get a text message with a six-digit code you will need to complete the authentication process. Enter that code in the next dialogue box and click ‘Confirm’.

This next step is critically important:

Shopify will generate ten access codes that can be used to log in to your account in the event you lose your mobile device. Either write these codes down or print them out and store them in a safe place. They will be your only avenue for accessing your account should your mobile device ever be lost or stolen.

Should you choose to use an authenticator app, such as Google Authenticator or Amazon AWS MFA, just download and install the app before enabling two-step authentication in Shopify. Then choose the authenticator app option on the first dialogue screen. A new dialogue screen will appear with the QR code. Just scan it with your mobile device, enter the six-digit code it generates, and click ‘Confirm’.

Two-step authentication makes your website more secure by forcing all account holders to provide an extra piece of information at login, information that changes with every login attempt. As a Shopify user, you should consider enabling two-step authentication given the sensitive nature of doing business online.
