How to set up Two-Step Authentication on Shopify: Easy & Secure


Your Shopify online store is a treasure chest, and there are always hackers looking for a chance to steal your gold. Scary, right? That’s why both we, as Shopify experts, and Shopify itself cannot stress enough the importance of knowing how to set up two-step authentication on Shopify! It is always more reassuring to know that your door has not just one, but two locks.

So, let’s learn how to protect your business and your customer data by adding two-step authentication (2FA) to your Shopify store. This guide is fast, easy, and step-by-step, with everything you need. Let’s start!

1. Two-Step Authentication (2FA): Overview

1.1. What is 2FA? What is it used for?

Two-step authentication (or 2FA), also known as two-factor authentication, means you give your door a double lock. It asks you for two types of information to prove it is you. It’s not just your password (something you know) – it also asks for a second thing, like a code from your phone (something you have).


1.2. Purpose of Setting 2FA?

Why do you need to know how to set up two-step authentication? Several reasons include:

  • Extra security: It’s a shield to prevent hackers from breaking into your Shopify store. 
  • Compliance: Some payment gateways require 2FA.
  • Customer trust: Let your customers know they can trust that their eCommerce experience is secure.
  • Peace of mind: You can sleep soundly knowing your online shopping is always authorized.

1.3. 2FA Types

You have multiple options for setting up Shopify two-factor authentication. Here’s the rundown for you to pick what fits your vibe:

1.3.1. 2FA Using SMS Text Messages

  • How does it work? 2FA via SMS is the simplest form of two-step authentication. After you enter your Shopify password, a code is sent to your phone. Just type it in, and boom – you’re logged in!
  • When to use it? It’s perfect for users who want simplicity. A great option if you’re always glued to your phone and don’t want to install extra apps. However, you have to make sure your signal is strong, and it is slightly less secure than other methods because SMS messages can potentially be intercepted.

1.3.2. 2FA Using an Authenticator App

  • How does it work? Download a third-party app like Google Authenticator and scan a QR code to set it up for generating time-based one-time passwords (TOTPs). The app then generates a new six-digit code every 30 seconds.
  • When to use it? It’s more secure than SMS, and it works even when you have no internet connection. Pick this if you put security first and don’t mind installing another app. However, a drawback is that you need to have your phone with you to access your Shopify account.

1.3.3. 2FA Using a Security Key

  • How does it work? This is a physical device (like a USB key) that you plug into your device or connect via NFC. Tap it or insert the key to authenticate. This gives your store the highest level of security.
  • When to use it? It’s perfect for high-value Shopify stores or those handling sensitive customer data. The downside is the additional cost of purchasing the security key and the risk of losing it. Bonus: no phone is needed!

1.3.4. 2FA Using a Built-in Authenticator

  • How does it work? Some devices come with built-in authenticators, like fingerprint or face ID. These use biometric data as a second factor that Shopify can use to verify you. It’s quick and slick.
  • When to use it? This type is best for store owners who love shortcuts and have a high-tech gadget handy. The drawback is that it only works on devices that have the authenticator feature built in.

1.4. Benefits when setting up 2FA for your Shopify store

  • Superhero Security: Double up your defenses. One layer is your password, the other is the extra code from the SMS or the app, so hackers will have a much harder time getting in. This dramatically reduces the risk of getting hacked.
  • Phishing Protection: Even if you accidentally enter your password on a fake site, hackers will be stuck without the second factor to authorize.
  • Multi-user security: Ensures safe entry to your Shopify store for all staff members.
  • Trust Boost: Customers are also happy knowing their Shopify login is locked tight.
  • Compliance: Helps meet security requirements for payment processing and data protection regulations.

2. How to set up Two-factor authentication (2FA): Step-by-step

Now that you have the basics of Shopify two-factor authentication down, are you ready to lock it down? Here’s how to set up two-step authentication on Shopify in general steps first, then we’ll zoom into each type.

2.1. The general steps to set up two factor authentication on Shopify:

1️⃣ Step 1: Click Your Store Name in the top bar

  • Log into your Shopify store, then spot your store name up top and click on it:
How to set up two-step authentication on Shopify step 1: Click on store name

2️⃣ Step 2: Manage Account > Security

  • A drop-down pops up > hit “Manage Account”:
How to set up two-step authentication on Shopify step 2: Choose Manage account

  • Then tap on the “Security” tab:
How to set up two-step authentication on Shopify step 2: Click Security

3️⃣ Step 3: In the Two-step authentication section, click Turn on two-step

  • Scroll down to “Two-Step Authentication” > smack that “Turn on two step” button. 
How to set up two-step authentication on Shopify step 3: Click Turn on two-step

4️⃣ Step 4: Enter your password, and then click Next

  • Depending on your account status, you might need to re-authenticate your account by typing your password > then click “Next.” 
How to set up two-step authentication on Shopify step 4: Reauthenticate

  • After these 4 steps above, a pop-up appears to pick your 2FA method. Click “Authentication methods” to see your options. From here, we will go deep into how to set up each specific type of 2FA.
How to set up two-step authentication on Shopify: Pick the authentication method

2.2. Setup 2FA Using SMS Text Messages

  • From the dropdown, choose “SMS Delivery”.
Setup SMS Delivery step 5: Choose SMS Delivery

  • Enter your country code and phone number > tick “I am human” > then hit “Send authentication code”.
Setup SMS Delivery step 6: Enter information

  • Grab the code texted to your phone and type it in.
Setup SMS Delivery step 7: Enter the code

  • Press “Turn on” – done! Next login, you’ll get a text code.
Setup SMS Delivery step 8: Click Turn on

  • (Optional): Create a backup authentication method to use when SMS delivery (now your primary method) is unavailable.
  • Save your recovery codes (In the Two-step authentication section > Save your recovery codes > View codes) in case you’re unable to use your primary or backup authentication method. 

2.3. Setup 2FA Using an Authenticator App

  • Choose “Authenticator App” from the dropdown.
Setup Authenticator app step 5: Choose Authenticator app

  • Grab your phone, download the Google Authenticator app, and scan the QR code on screen.
Setup Authenticator app step 6: Scan the code

  • Type the 6-digit code the app gives you.
Setup Authenticator app step 7: Enter the code

  • Hit “Turn on” – you’re app-protected!
Setup Authenticator app step 8: Click Turn on

  • (Optional): Create a backup authentication method to use when your Authenticator app (now your primary method) is unavailable.
  • Save your recovery codes (In the Two-step authentication section > Save your recovery codes > View codes) in case you’re unable to use your primary or backup authentication method. 

2.4. Setup 2FA Using a Security Key

  • Select “Security Key” from the dropdown.
  • Enter the name for your security key. Then click “Turn on”.
Setup Security key step 6: Enter the name & click Turn on

  • Click on “USB security key”.
Setup Security key step 7: Choose the device

  • Follow the prompt to activate it and you will receive a list of 10 codes.
Setup Security key step 8: List of backup codes

  • (Optional): Create a backup authentication method to use when your security key (now your primary method) is unavailable.
  • Save your recovery codes (In the Two-step authentication section > Save your recovery codes > View codes) in case you’re unable to use your primary or backup authentication method. 

2.5. Setup 2FA Using a Built-in Authenticator

  • Pick “Built-in Authenticator” from the dropdown.
  • Enter a name for your authentication device. If you have more than one device, give each of them a clear and meaningful name so you can recognize it when needed.
Setup built-in authenticator step 6: Enter the name

  • Click “Turn on”.
Setup built-in authenticator step 7: Click Turn on

  • Follow the on-screen prompts to activate the two-step authentication on Shopify. 
Setup built-in authenticator step 8: List of backup codes

  • (Optional): Create a backup authentication method to use when your built-in authenticator (now your primary method) is unavailable.
  • Save your recovery codes (In the Two-step authentication section > Save your recovery codes > View codes) in case you’re unable to use your primary or backup authentication method. 

3. Two-Step Authentication (2FA) Recovery Codes

3.1. What are Recovery codes?

Recovery codes are 10 special codes that Shopify gives you when you set up multifactor authentication. Each code is a unique combination of letters and numbers. They are like the spare keys to your Shopify store: they let you in when your regular authentication method isn’t available.

3.2. What are Recovery codes used for?

Use a recovery code to get back into your Shopify login whenever…

  • You lose access to your phone
  • Your authenticator app gets deleted
  • Your security key goes missing
  • You’re traveling without cell service for SMS
  • You get a new device and haven’t set up 2FA on it yet

3.3. Steps to retrieve and save your recovery codes

1️⃣ Step 1: From your Shopify admin, click your store name in the topbar > Manage account > Security.

Retrieve recovery codes step 1: Click Manage account

2️⃣ Step 2: In the Two-step authentication section >  under Recovery codes > click View codes.

Retrieve recovery codes step 2: Security > View codes

3️⃣ Step 3: To store your list of codes, click one of the following buttons:

  • Print codes: To print a PDF of the codes list.
  • Copy codes: To copy and paste them elsewhere.
  • Download codes: To download the codes to a .txt file.

4️⃣ Step 4 (Optional): If all 10 codes have already been used, click “Regenerate codes” to generate fresh ones.

Save recovery codes step 3 & 4: Copy, download, or regenerate codes

3.4. Notes to know when using recovery codes:

  • You get 10 codes. Each works once, then poof, gone!
  • Keep them secret, keep them safe (not in your fridge!).
  • Used all 10? Generate a new set by clicking on the “Regenerate codes” button.
  • Store these codes somewhere safe and separate from your main device.

4. How to Deactivate 2FA

Want to turn off Shopify two-factor authentication? Here’s how:

1️⃣ Step 1: Click your store name > “Manage Account.”

How to Deactivate 2FA step 1: Click Manage account

2️⃣ Step 2: Go to “Security” on the left.

How to Deactivate 2FA step 2: Click security

3️⃣ Step 3: Find “Two-Step Authentication” > click “Remove” next to your method.

4️⃣ Step 4: Enter your password or re-authenticate your account, then hit “Remove.”

How to Deactivate 2FA step 4: Click Remove button

Once confirmed, you’ll see a notification that two-step authentication has been turned off.

5. Tips to keep in mind when setting up 2FA

5.1. General setup tips:

  • Don’t wait until it’s too late: Set up 2FA right after creating your Shopify store. It’s like installing a security system before you’ve been robbed, not after.
  • Don’t just use one method: Set up more than one 2FA channel as a backup. Make an authenticator app your primary method and set up SMS as a fallback, for example.
  • Test it out: Test your method after setup by logging out and back in to ensure everything works as expected.
  • Team training: Got staff? Make them use 2FA too, and make sure everyone understands how to use it properly.

5.2. Tips for specific 2FA types:

  • SMS text messages: Check your phone signal, since a weak connection means no code will arrive. Add a backup phone number if possible. And remember that SMS may not work in all countries.
  • Authenticator app: Install the app before setup, and on multiple devices if you can.
  • Security key: Buy at least two security keys and register both on Shopify. Keep your key on something you won’t lose (like your keychain).
  • Built-in authenticator: Ensure your device supports it (some very old models might not). If you’re selling or giving away your device, remove it from your 2FA settings first.

6. The bottom line

There you have it – how to set up two-factor authentication on Shopify – made as simple as possible to save you time! Throughout this tutorial, we’ve walked through the different types of 2FA available, how to set up each one step-by-step, and important tips to keep your security tight and your customers delighted. 

At eComStart, we’re all about making eCommerce easy and secure – check us out for more pro tips to elevate your Shopify store. 

And if you are ready to build your own Shopify store, don’t miss our Shopify 3 months for $1 deal to create your dream store. Or, if you are still hesitating, learn how to launch a Shopify store to prepare yourself like a champ. Stay safe, sell big!


Kathy Ella is an eCommerce expert with nearly 5 years of experience helping businesses start and grow online stores. She gives simple advice to make launching and managing an online store easier for everyone.