Shopify is one of the best platforms for running an e-commerce store. It is easy to use and easy to maintain, fully integrated with payment processing, and feature-rich. In fact, when a client asks about an e-commerce platform for a lightweight store, we recommend Shopify as one of the first few candidates.
As with any Software as a Service (SaaS) product, Shopify needs security measures that are not always clear to the user. A common mistake is to assume that any cloud-hosted application (like Shopify) is simply safe from hackers because it’s on the cloud. Although Shopify offers a good level of security, the store owner must take a few actions to protect his/her account from hacker invasions.
Yes, unfortunately, there are many people like her.
What happened to her store?
Apparently, a hacker was able to log in to her Shopify account and switched the bank account for deposits. The store kept selling as it should, but payouts were directed to a bank account controlled by the criminal, so she lost $55 thousand in sales.
Indeed she might have received an email warning about “suspicious login activity”, but this is often hard to keep track of. We receive dozens of emails every day.
Don’t worry, in this article you will be able to apply the basic security guidelines to your store and prevent hackers from hijacking it.
Make your Shopify safer right away!
Ok! Let’s follow a few steps to increase the level of security of your Shopify store.
1. Log into your Shopify store account and get to the main dashboard
Get to the main dashboard:
In the top right corner, click your username to expand the menu. Click on the option “Manage Account”, as below:
2. Navigate to the security tab
On the “Manage account” page, click on the “Security” tab, as in the screenshot below.
3. Make sure you have a confirmed recovery email
If your Shopify account or even your main email account gets breached or compromised, a secondary email will be used by Shopify to confirm your identity. So, make sure you add and confirm your secondary email address. To confirm, you just have to open your email inbox and click the Shopify link.
4. Enable two-step authentication
Enabling two-step authentication will prevent hackers from hijacking your Shopify account because they would need your phone to log into your account.
Setting up two-step authentication in Shopify is very simple. Click on the button “Turn on two step”, as shown below:
After clicking, you may be required to re-type your password. Now, the most popular way to set up two-factor authentication on Shopify is by using an authenticator app.
So, make sure you see the page below and click “Authenticator app”:
Now, you need to download an Authenticator app to your phone. On both Android and iOS devices, you can download one of the following Authenticator apps:
- Microsoft Authenticator: For a complete solution, MarqSecurity recommends Microsoft Authenticator.
- Google Authenticator: For a simple solution, MarqSecurity recommends Google Authenticator.
So, just go to the App Store if you use iOS or Google Play if you use Android and download one of the apps above.
After downloading one of them, you just need to launch it and follow the steps to include a new account.
The main step is to launch the camera from the authenticator app and point it at the QR code that is now appearing on your Shopify page. Once it recognizes the QR code, it will start generating 10-second codes. You are required to enter the code on Shopify to confirm your two-step authentication process.
We’ve obscured our QR code from Shopify for security reasons.
Now, every time you want to log into your Shopify account, you are going to be required to open your Authenticator app and paste the current code for Shopify. This is one of the best ways to prevent hackers from invading your account even if they have your password.
5. Recovery Codes
Doing this process is as important as setting your two-step authentication. If you somehow lose your phone (obviously losing access to your Authenticator app), the easiest way to log into your Shopify account again will be typing one of your recovery codes.
The safest way to store your security codes is by printing them and storing them somewhere easy to find but safe at the same time.
On the same page, you will see the “Recovery codes” section. Click on the “View codes” button and print them. Also, make sure you’ve been through the processes above, otherwise you won’t be able to access your recovery codes.