Two-step authentication - making your site secure

If you only do one thing for your site this week, make it turning on two-step authentication .

The good news - Shopify is very secure. The bad news, people aren't. So what do you do if one of your staff has used a weak password, and someone has guessed or pfished it, and got into your Shopify site? Or a virus on your machine has sent your password to the bad guys?

The first thing to do is DON'T PANIC - running around with your hair on fire is a natural response to that sinking feeling, but will make things worse. Jumping on to an infected machine and changing your password just gives them your new password.


If your account has been compromised, then take action to protect your data right away.


  1. ON A DIFFERENT DEVICE (in case you've got a virus) Log in to the email account that you use to log in to Shopify and change the password.

  2. Run antivirus on any machine you (or your staff) usually use.

  3. Log in to Shopify and change the password for your Shopify account. If you can't log in, then reset your password. If you don't receive a password reset email, then contact Shopify Support.

  4. Enable two-step authentication for extra security at login. If two-step authentication is already configured and an attacker was able to defeat it — for example, they stole your device — then change your device and set up two-step authentication again.

  5. Check your banking details for Shopify Payments and update them if necessary.

  6. Check and update your banking details for PayPal and any other payment providers you have configured. We've seen a hacker change your Paypal account to their Paypal account.

  7. Review your general account settings and preferences to make sure all other information is correct. Also check your site for links to external sites.

  8. Follow government guides to protect your identity and sensitive information.

Also in eChic Blog - building your business

Register your .au domain ASAP
Register your .au domain ASAP

The team here at eChic recommend that businesses should register their .au domain to avoid someone else grabbing it.
Read More
SEO Scammers
SEO Scammers

SEO Scammers - have you ever received an unsolicited SEO email notifying you of a number of issues on your website?
After your site goes live, you are going to be bombarded with spam about "errors on your website", "look at our free report" and "let us have a free 1-hour phone call with you to talk about your SEO strategy". This is a sales technique for at best opportunists, and at worst straight out scammers.
Read More
Welcome Kaiser
Welcome Kaiser

Kaiser is our App/Django/Python expert who keeps our client's custom apps in tip top shape.
He likes to explore and learn the latest tech skills and watch movies in his spare time. His favourite go-to food is pizza. 
Read More