how to secure your shopify store

Ori from Astral Web, and I'm going to show you today how to enable the,two-factor authentication to secure your Shopify account.,So why do we need two-factor authentication first of all?,So you, as a store owner or a store manager, you're logging in to manage your entire,online store, right?,If someone has access to your email and password, they can log in as you, and they can steal,your information, they can change information, they can even delete your store.,And obviously, you don't want to do that.,So what do you need to do?,Aside from having a very secure password that you change regularly, that you don't reuse, all of those,best practices, what you want to do is easily enable this two-factor authentication,,what we call 2FA to have an extra authentication.,So when you log in, you have the email and the password, that's the first factor.,Okay?,And then if you enter an email and password correctly, in order to verify that you can log in,,Shopify will prompt you and ask you for a second factor.,And that second factor typically comes from your cellphone, not always, and we'll show you,a few examples.,But you'll have an extra password what changes all the time.,Every 30 seconds that password will change and only your phone, the phone owner can have that.,So in order to hack your account or log in as you, you'll need the username, the password,,and the second-step authentication.,So just adds an extra layer of security, and it's really easy to use, and strongly recommend for,every single account that ever logs in to use it.,Okay?,So let's go ahead and set it up, and explain to you what's going on.,So first of all, I logged into the back end and I click on my account.,Okay?,And what I'm going to do, I'm going to go to Security, right?,Because we're adding more security and I'm going to go to the two-step authentication.,And it says here after entering your password, you'll verify your identity with,a second-authentication method.,Now it's off.,So let's go ahead and turn it on.,When you turn it on, there's three actual methods of ways,to have two-factor authentication.,They're all basically the same method.,Some are more secure and some are less, but they're all better than no authentication.,And they all work basically in the same way.,They just have different methods of working.,Basically after you put in the email and password, you'll have another unique code that either is,on an app that you install in your phone, either you'll get a text message,,or you have a hardware dedicated device like a USB key that is, that's its only job.,It doesn't connect to the internet, it doesn't upgrade, it doesn't do anything.,It's just a hardware key just to give you this unique two-step verification key.,They all work the same.,So I'm going to show you two of these options because I don't have a hardware key with me,,but if you have a bank, for example, then, your bank sometimes will give you these hardware,keys which the number changes all the time very regularly.,Okay?,But there's a few different methods.,Google has their own key, etc.,So authenticator app.,So when you go here, you click on Next.,What you're going to do is you're going to actually have to install an app on your phone,to actually support this.,So there's two apps that are recommended.,Number one, the one I like is Authy and Authy, what it is it's really, like, a two-factor authentication,like favorites, right?,It saves all of your sites and on your phone, you can actually have the two-factor authentication,on all your phones.,The good thing about it is you can also set an account, and then if you lose your phone,,you can easily retrieve it.,Obviously, you want to...because you're storing all your two-factor authentications on one app,,you want to have a very, very good security password on it, but it's really,,really good to do it.,The second one is the Google Authenticator and the Google Authenticator is very similar in functionality.,Okay?,But if you lose your phone, you cannot retrieve the two-factor.,So you might be stuck and out of, you know, logged out of many of your accounts until you can,,you know, reinstall and get those.,So it's kind of a pain if you actually lose your phone, but obviously, it's more secure because here you're,adding another account that someone potentially could hack you, and there's a lot of other things you,got to do.,But I really recommend Authy.,Both of them can work, it's up to you.,You can install the Google Authenticator, pretty simple.,They work in very, very similar ways at least from the usage.,Okay?,So what do I do actually?,I'm not sharing my phone screen, but I can show you an example screenshot.,So when you install Authy, what you have to do is you have to click,on Add Account, this plus right here, and when you click on the plus icon, it will tell you, "Okay,,you're going to go ahead and scan a QR code.",You click here.,It's going to obviously turn on your phone camera, and then you're going to scan this QR code, right?,Now obviously, you don't want to show this to others because then others can have access to,this QR code.,So you want to scan it and close the window.,So I'm going to do it on my phone right now, going to click on the plus and the scan.,And I'm actually going to scan this QR code, and I'm going to put a name.,You actually have to put a name that you can easily recognize.,So I'm going to call it, for example, Shopify, you know, my account.,And then I get a unique key.,So first of all, I'm going to paste my account password, and here, I have a unique key that,changes every 30 seconds on my phone.,So I'm going to put it here and I'm going to enable it.,If I put in the right key, then, I'm good to proceed.,The last part of the step is recovery codes.,If for some reason you want to log in and you don't have your phone or app,,you can actually put these in a safe environment.,For example, write them on a piece of paper or print them out, and if you don't have your phone,,you can use these one time to recover and, kind of, enter as if, you know, as,the two-factor authentication.,So these are like scratch codes you can only use once.,Now if someone obtains this and they know your username, password, and then they have this,,they can log in as you.,So don't share this with anybody.,This is just a test account.,So I can share this with you, but don't share with anybody.,Not your password, not your scratch codes, not your phone, not your Authy,,not your Google authentication, nothing.,Okay?,So I'm going to...,I never like to download because this is going to be on my computer.,If someone hacks my computer, they obviously have my code.,So I like to write it down on paper.,If you're too lazy and you don't want to write it on paper, try to write it on paper.,But if you still don't want to, which I don't recommend, you can print it.,Okay.,On a piece of paper, and put that in a secure place.,So now my two-step authentication is on.,So if I log in, I'll show you my login right now, I'm logging in to my Shopify account, and I'm going,to log in to my account.,I put in my email and I put in my password right there.,And that's it, now it's asking for the code.,I'm going to input the code which is unique and changes every 30 seconds, and that's it.,If I entered it correctly, I am logged in.,If I didn't enter correctly, I'm not logged in, right?,That's an extra authentication step.,Okay?,Now what I'm going to do, and I'm going to show you one more thing which is enabling,,instead of using the app, using the SMS message.,Okay?,I'm going to go here to Security and I'm going to go here to Remove this.,And I'm going to enter my password of my account, and that's it.,And so if I do this I'm going to go back to step, turn it on.,One more thing I want to mention before we jump into this step, as far as secure methods,,each one of these are more secure than a one-step authentication, but if you have to rank them from the,more secure to less is the security key is always going to be the most secure method,out of the two-step authentication.,Why?,Because it's a hardware device that is not connected to the internet that is working and made only for,securing these kind of things.,The second one is the mobile app and the mobile app is the second secure,,and because it's only on your phone, someone has to gain physical access to your phone,to use it.,And the last one is the SMS delivery, the least secure is the SMS because people can,hack SMS messages.,Obviously, yeah, so it's a little bit easier to, kind of, hack these things, but they're all much more,secure than one-step.,So if you choose it, I recommend if you don't have a hardware device,,use the authenticator app.,So let's jump in and setup a SMS delivery instead of authenticator app.,I'm going to put in my phone number and this is my company phone number.,I'm going to click on send the authentication, and I'm going to put my current password.,And I'm going to get a text message to my phone.,So I'm looking at my phone and I got a text message.,I'm going to put in the number.,Okay, 313, and Enable.,Okay?,If I did that correctly, again, these are the scratch codes, the recovery codes,,and if I log in, I am good to go.

Congratulation! You bave finally finished reading how to secure your shopify store and believe you bave enougb understending how to secure your shopify store

Come on and read the rest of the article!