Ankündigungen

On November 2nd, Shopify Payments will require all shop owners to activate two-step authentication for Shopify Payments. This is to increase account security and prevent fraudsters from taking over the account (which, in the worst case, can lead to stolen payouts).

If you haven't already enabled two-step authentication, you'll see a yellow banner on your admin home page prompting you to complete the setup. You will also receive an email about the two-step authentication. 

Two-step authentication (2SA), also known as multi-factor authentication, makes it difficult for unauthorized persons to access your account. This requires you to enter your account details (email and password) and then confirm your login attempt with a mobile device or security key. 

Data shows that enabling two-step authentication can prevent 99.9% of account breaches, as most security breaches are caused by lost or stolen account information. This added layer of security reduces the likelihood that a compromised account will result in withdrawals being diverted to fraudulent bank accounts. 

If you think your account has been compromised, or if you want to take precautions to prevent a compromised account, you can take the following steps:

1. Update your password or reset it to a new one you've never used.
2. Enable two-factor authentication. App-based and biometric authentication are stronger than SMS authentication, where messages can be intercepted or rerouted through the telecom network.
3. Update your password and enable two-step authentication for your email account as well.
4. Check your bank details and update them if necessary. Keep in mind that updating bank details requires entering current bank details. So if they were updated unexpectedly, we can assume that the original data was compromised. In this case, contact your bank for assistance in securing the bank account.
5. Check the general account settings to ensure all information is correct.
6. Check your device for potential malware that may have been added.
7. Avoid clicking links or downloading attachments from emails where you are unsure of the sender. You can contact our support team if you're unsure about an email claiming to be from Shopify. You can find more tips in our article on phishing in the Help Center . 

You can also use the haveibeenpwned.com website to find out if your email address or phone number has been detected in a data breach. 

If you want to learn more about two-step authentication and how to enable it, see our Help Center article .