Timeout of Admin Logins

DSAJones
New Member
2 0 1

Our auditors are concerned that once you've logged in to the store admin there is no automatic timeout to enforce logging back in.  The only thing is to select the store and user you want to continue as but if the device you're using was previously logged in then there is no further barrier.  I noticed that my laptop has been logged in since December!

 

We've got 2 factor auth turned on but unless you manually log out then after initially logging in it's never used.  Am I missing something? 

HappySkies
New Member
1 0 0

Came here for the same question. Did you ever figure out a solution for this?

0 Likes
DSAJones
New Member
2 0 1

No, still the same.  To illustrate the point, I clicked on Reply to your message having not been in Shopify Admin for over a week.  It just presented me with the account selector and when I clicked the admin account I'm just straight back in with no further authentication.  Considering the amount of personal and payment data contained within a Shopify store, our compliance people are very concerned!

0 Likes
BrianVPS
Tourist
11 0 3

It's now nearly a year since the first post and this is still the case for me, I have NEVER had to log in again.  This is rather concerning from a security standpoint, how does Shopify get away with this?

0 Likes