Is the admin of your webshop secured?

Set up two-factor authentication!

How secure is your webshop? And how secure are the login details of the admin?

Do not let a hack happen to you, and do not assume that your provider can block everything. Once logged in to the back-end of the shop, someone can access everything. Do not wait until your shop is hacked and your customers’ data, or other business-sensitive information such as product information, customer-specific prices or stock information, is out on the street.

And how do they get in? Sometimes very simply: by logging in via the admin with login details they have obtained. The username is almost always an e-mail address and therefore easy to find. Sometimes the password is easy to guess, and otherwise there is software for that…

A good solution…

You can make it a lot more difficult for hackers by setting up extra security such as two-factor authentication (sometimes also called 2-step verification). This takes little time and no advanced IT knowledge. Set up two-factor authentication for logging in to your back-end, and of course also think of Instagram, Facebook, Twitter, LinkedIn etc.

Two-factor authentication is an extra code that (often) has to be entered after your login details. You will receive the code via an SMS or via an app. The advantage of an app is that you can set it up on multiple phones, so that a colleague does not have to ask for the SMS code.

Examples of (free) two-factor authentication apps are:

  • Google Authenticator
  • Duo Mobile
  • Microsoft Authenticator
  • FreeOTP
  • Authy
  • Yandex

For example: you log in to the admin as you are used to, with login name and password. The shop then asks you to enter the code from an authentication app on your phone. The app generates a new code each time, and each code is only valid for a certain time. Enter the code in the verification field, click on log in, and you are logged in to the shop.

In Shopify you set up two-factor authentication as follows:

  • Step 1:
    Download for example the Authenticator app from Microsoft on your phone: https://www.microsoft.com/nl-nl/account/authenticator
  • Step 2:
    Go to the admin page of your webshop and click on your login icon (top right)
  • Step 3:
    Choose security in the menu, then choose “Set up two-step verification” and then select “verification app”.
  • Step 4:
    You will then receive a QR code that you can scan with the Authenticator app.
  • Step 5:
    In the authentication app, click on the + and choose the option “other”, after which you can scan a QR code in Shopify.
  • Step 6:
    The app has created a new authentication under the name Shopify and your e-mail address.
  • Step 7:
    Go back to the site and, in the last field, enter the code shown for Shopify in the authentication app (the code will be refreshed after 30 seconds)
  • Step 8:
    In Shopify you will receive recovery codes that you can print or download. If logging in via the app fails, you use a recovery code. So keep them safe!
  • Step 9:
    Try it out by logging in to the admin of the webshop again.
  • Step 10:
    Congratulations, the shop is a bit safer again!

Read the full Shopify manual

Various apps are available for WooCommerce and WordPress that make this possible; click here for an overview