Skip to content

Vendor-neutral, engineer-written explanations. Clear definitions first, then practical steps with real examples — no fluff.

How do I enable two‑factor authentication (2FA) for my Shopify admin?

SB
Written by StageBit Engineering Team
Updated February 2026 3 min readVerified by engineers

Two-factor authentication (2FA), also known as two-step authentication, adds an extra layer of protection to your Shopify admin account. Even if someone gets your password, they cannot access your account without completing a second verification step. 2FA is mandatory for Shopify Payments users and strongly recommended for all merchants.

Step-by-Step Guide to Enable 2FA in Shopify Admin

Step 1: Access Your Security Settings

  1. Log in to your Shopify admin.
  2. Click your store name in the top navigation bar.
  3. Click your name and email address from the dropdown menu.
  4. In the left sidebar, select Security.
  5. Scroll to the Two-step authentication section.
  6. Click Turn on two-step (or Add another method if one method is already enabled).
  7. Enter your password and click Next.

Step 2: Choose Your Authentication Method

Select your preferred authentication method from the dropdown list.

1. Authenticator App (Recommended)

This is the most secure and widely used option. It works with apps such as Google Authenticator, Microsoft Authenticator, Duo Mobile, or AWS MFA.

  1. Install an authenticator app on your mobile device.
  2. Select Authenticator app.
  3. Scan the QR code displayed on the screen.
  4. Enter the six-digit code generated by the app.
  5. Click Turn on.

2. SMS Delivery

Receive one-time verification codes via text message.

  1. Select SMS delivery.
  2. Choose your country code and enter your phone number.
  3. Click Send authentication code.
  4. Enter the six-digit code received via SMS.
  5. Click Turn on.

3. Shopify Mobile Prompts

Approve login attempts through the Shopify mobile app using push notifications.

4. Built-in Authenticator

Use biometric authentication (Face ID, fingerprint, Touch ID) or your device PIN/password. This works only on the specific device where it is configured.

  1. Select Built-in authenticator.
  2. Enter a descriptive device name (e.g., “iPhone Face ID”).
  3. Click Turn on and follow the on-screen instructions.

5. Security Key

Use a physical hardware security key (such as YubiKey) for login verification.

Managing Your 2FA Settings

Primary Method

  • Your default authentication method used during login.
  • You can change the primary method anytime.

Backup Methods

  • Additional methods you can use if your primary method is unavailable.
  • You can add multiple backup options for flexibility.

Recovery Methods

  • Recovery codes allow access if all authentication methods are unavailable.
  • Shopify recommends regenerating recovery codes regularly.
  • Store them securely in multiple safe locations.

How to Add Backup Methods

  1. Go to Security settings.
  2. Under Two-step authentication, click Add another method.
  3. Enter your password.
  4. Select a different authentication method and complete setup.

This ensures continued access if you lose your phone or change devices.

How to Generate and Save Recovery Codes

  1. Go to Security settings.
  2. Scroll to Recovery methods.
  3. Click Generate new recovery codes or View recovery codes.
  4. Save them securely (password manager, secure cloud storage, or printed copy).

Additional Security Features to Enable

Passkeys (Recommended)

  • Passwordless login using fingerprint, face recognition, or device screen lock.
  • Faster and more secure than traditional passwords.
  • Only create passkeys on trusted devices.

Secondary Email

  • Provides an alternate account recovery option.
  • Receives important security notifications.

Password Security

  • Use a strong, unique password.
  • Avoid reusing passwords across platforms.

Why 2FA Is Required for Shopify Payments

If you use Shopify Payments, two-step authentication is mandatory to prevent unauthorized payout changes and financial fraud. If 2FA is not enabled, payouts may be temporarily placed on hold.

Managing 2FA for Staff Members

Each staff member must enable 2FA individually through their own account (Store name → Their name → Security). Store owners cannot activate it for others. Shopify Plus merchants can enforce 2FA requirements organization-wide.

Logging In After Enabling 2FA

  1. Enter your email and password.
  2. Verify using your selected authentication method.

If multiple methods are configured, click Use a different method on the login screen to switch options.

Quick Tip: Temporary Login Codes

You can generate temporary login codes from your Security settings if you need short-term access on a trusted device. This is useful when traveling or switching devices temporarily.

Related Answers

Shopify How do I comply with privacy laws (GDPR, CCPA) using Shopify settings? Shopify How do I monitor suspicious activity or login attempts in Shopify? Shopify How do I recover or roll back if I break my Shopify theme? Shopify How do I back up my Shopify theme and store data?

Was this answer helpful?

Your feedback helps us improve our answers.

Still need help?

Talk to our Shopify experts

We've handled GDPR/CCPA compliance for dozens of EU & US Shopify stores.

Talk to Shopify Experts

Tell us more about your brand!

Rohit Kundale, Our VP of Sales and Marketing is ready to meet with your team.