I'm new to Shopify and am curious about three things:
1) Shopify's default password management policies/templates for a shop's customers, i.e. password creation/verification/reset/storage
2) Any Shopify app which aims to override the default policies/templates with security community's best practices on passwords?
3) Do Shopify APIs have hooks for such capabilities to be controlled by an app?
Any references/pointers will be appreciated.
I don't think I quite get what you mean, but I'll try my best.
1) Passwords are hashed using bcrypt and we have an email based recovery system
2) No. We used to allow OAuth but because of little to no use, we removed it.
3) API access has certain levels of granularity. So if an application is only granted the permission to access orders they won't be able to access products (for example). Also a new feature was released that prevents users without proper privileges from granting permissions for aspects of a shop they themselves are unable to access.