Customer password management with Shopify/App

New Member
1 0 0

I'm new to Shopify and am curious about three things:

1) Shopify's default password management policies/templates for a shop's customers, i.e. password creation/verification/reset/storage

2) Any Shopify app which aims to override the default policies/templates with security community's best practices on passwords? 

3) Do Shopify APIs have hooks for such capabilities to be controlled by an app?

Any references/pointers will be appreciated.


Reply 1 (1)
Shopify Staff
Shopify Staff
591 0 52

I don't think I quite get what you mean, but I'll try my best.

1) Passwords are hashed using bcrypt and we have an email based recovery system

2) No. We used to allow OAuth but because of little to no use, we removed it.

3) API access has certain levels of granularity. So if an application is only granted the permission to access orders they won't be able to access products (for example). Also a new feature was released that prevents users without proper privileges from granting permissions for aspects of a shop they themselves are unable to access.

Chris | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog