Account security overview

Gain insight into creating secure passwords for your accounts and discover how to safeguard a compromised account and reset blocked access.

Learn how to identify common methods of attack

Learn about how to identify phishing, vishing, and smishing, and what steps you should take if you have had your account or identity compromised. Learn how to protect yourself with Forter risk control protection.

Currently, Forter risk control protection is only available for Airwallex, Worldpay and Pacypay credit cards payment.

Activate two-factor authentication

Activate two-factor authentication for your Shoplazza account to reduce the likelihood that someone who has acquired your password will be able to cause any damage. Your staff should also set up two-factor authentication for their accounts.

Two-factor authentication (2FA) is essential to online security because it adds an extra layer of security to your account. A password on its own is not enough to prevent an attacker from accessing your account if your password has been shared, guessed, leaked or phished. When you activate two-factor authentication, a user must know your password and have access to your email address that you use to log in to your Shoplazza admin.

Many major services (such as Google) support 2FA as an option for their users and we encourage you to enable these features to secure your account.

Generate unique passwords with a password vault

Passwords that are used with multiple accounts are often paired with the same username/email address, can create a security risk. If one of these passwords is exposed, an intruder may be able to access other accounts. Using a password vault software provides a convenient solution, allowing users to generate and manage passwords securely, while only having to remember a single master key.

Each of your passwords should be unique. Don't use the same password for more than one account, even if the accounts are related.

Never share your login credentials

Your login credentials (your username and password), are your identity in the digital world and should be kept private and confidential. Sharing this information reduces the security of your account. You should not share your login credentials with anyone, including a colleague, a family member, or a staff member.

You should add staff members to your store, rather than giving them access to your account. Staff members can create their own unique credentials and log in to their own accounts

Secure a compromised account

If your account has been compromised, then take action to protect your data and your finances right away.

Steps:

1. Log in to the email account that you use to log in to Shoplazza and change the password.
2. Log in to Shoplazza and change the password for your Shoplazza account. If you can't log in, then reset your password. If you don't receive a password reset email, then contact Shoplazza Customer Support  .
3. Do either of the following:
   • Activate two-factor authentication for extra security when you log in.
   • If two-factor authentication is already activated and an attacker was able to defeat it, for example, they have access to your email account, remove the authentication method for that email account, and then set up two-factor authentication again for a different email account.
4. Check and update your banking details for PayPal and any other payment providers you have configured.
5. Review your general account settings to make sure that all other information is correct.
6. Follow government guides to protect your identity and sensitive information.

Reset blocked credentials

Because many people use the same password for more than one account and pair it with the same username or email address, if a username/password pair is exposed, then an attacker might gain access to other accounts that use the same credentials.

To reduce the risk of this happening to you, we obtain and analyze information from public data leaks. If your credentials are found in any of these leaks, then we lock your account. When you try to log in, you get an error message until you reset your password to one that has not been compromised.

You should also use two-factor authentication and password vault software to make all of your accounts as secure as possible.