As of November 2nd, all store owners using Shopify Payments will be required to enable two-step verification on their accounts. This is to increase the security of your account and prevent fraudsters from taking over your account, leading to payment theft.
If you haven't enabled two-factor authentication yet, you'll see a yellow banner on the home page of your Shopify admin, asking you to complete two-factor authentication setup. Store owners will also receive emails from us about setting up two-factor authentication.
Two-factor authentication (2SA), also known as multi-factor authentication, makes it much more difficult for unauthorized people to access your account. Users must enter their account credentials (email and password) and then authenticate their login attempt using a mobile device or security key.
Since account breaches are most often caused by lost or stolen account information, data shows that enabling two-factor authentication prevents 99.9% of account breaches. Enabling this extra layer of security reduces the chances of your account being compromised and your payments being redirected to a rogue bank account.
If you believe your account has been compromised or would like to take precautions to prevent account compromise, you can take the following steps:
You can also use the website haveibeenpwned.com to see if your email address or phone number has been detected in a data breach.
For more information about two-step verification and how to set it up, see the Shopify Help Center's Securing your account with two-step verification page.