Securing your account with two-step authentication
Two-step authentication (also known as two-factor authentication or multifactor authentication) provides a more secure login process. Two-step authentication provides extra security in case anyone other than you attempts to log in to your Shopify admin using your account. When you attempt to log in, you need to complete two separate steps:
- Enter your account credentials, which are your email address and your password.
- Authenticate your attempt to log in using a mobile device or a security key.
Two-step authentication makes it much more difficult for an unauthorized person to access your account. Even if someone else learns your password, they won't be able to log in without the second step.
Two-step authentication is one type of secure sign-in method. Secure sign-in methods can include two-step authentication and passkeys.
Secure two-step authentication relies on combining two factors, which can be something you know (such as your email address and password combination), something you have (such as a one-time use code that is provided by an authentication app or through SMS text, or a security key), or something you are (biometric authentication, such as a fingerprint).
For example, when you make a cash withdrawal at the bank, you need something you have (your debit card) and something you know (your PIN). Two-step authentication is similar, but you also need to use an authentication method, such as a one-time use code, every time that you log in to your Shopify account. In the case of a one-time use code, the code expires after it's used and it can't be used again.
Staff members can set up two-step authentication for their own individual accounts. The store owner can't activate two-step authentication for any other staff member.
When two-step authentication is required for your store or user account, you might need to complete two-step authentication when you log in to Shopify POS. If Shopify POS displays a two-step authentication warning dialog or banner, then refer to securing your Shopify POS setup.
If you're having issues with your two-step authentication and logging in to your account, then you can try troubleshooting login issues.
Why Shopify might require you to use two-step authentication
Some two-step authentication requirements are set by your organization. In other cases, Shopify requires two-step authentication on your individual account to help keep it secure, even if you didn't turn it on yourself. When Shopify requires it, you're prompted to set up a two-step authentication method the next time you log in, and you need to finish the setup before you can continue to the Shopify admin.
For security reasons, Shopify doesn't share the specific factors behind this requirement, and it can't be turned off while it applies. Setting up two-step authentication helps protect your account and your store, even if someone else learns your password.
If you need help choosing and setting up a method, then refer to the authentication methods in this section. If you're unable to finish the setup or log in, then refer to troubleshooting login issues.