保护受入侵账户
如果您的账户遭到入侵,请立即采取措施保护您的数据。
步骤:
登录用于登录 Shopify 的电子邮件账户并更改密码。
登录 Shopify 并更改 Shopify 账户的密码。如果您无法登录,请重置密码。如果您没有收到密码重置电子邮件,请联系 Shopify 支持。
启用两步验证,以增强登录时的安全性。如果已配置两步验证但攻击者还是成功破解(例如,他们窃取了您的设备),请删除用于该设备的验证方法并为其他设备再次设置两步验证。
检查 Shopify Payments 的银行详细信息,并在必要时更新这些信息。
检查并更新已针对 PayPal 和任何其他支付服务提供商配置的银行详细信息。
检查您的通用账户设置,确保所有其他信息均正确无误。
按照政府指南操作以保护您的标识和敏感信息。
重置已阻止的凭据
由于许多人对多个账户使用相同的密码,并将其与相同的用户名或电子邮件地址配对,如果用户名/密码对发生泄漏,攻击者便可能访问使用相同凭据的其他账户。
为了降低这种情况发生在您身上的风险,我们会从公共数据泄漏中获取和分析信息。如果在这些泄漏中找到了您的凭据,我们将锁定您的账户。当您尝试登录时,您将看到一条错误消息,直到您将密码重置为一个未泄露的密码才会恢复正常。
备注:您可以在 Have I Been Pwned(我是否已被入侵)处检查数据泄露是否危害到了您的任何凭据。
您还应该使用两步验证和密码保管库软件来尽可能确保您的所有账户的安全。
可疑登录活动
为防止攻击者登录 Shopify 账户,Shopify 安全系统会进行检测,并在检测到异常活动时锁定账户访问。在这些情况下,您需要在登录过程中确认您的身份。
系统会将十位数的代码发送至您的账户邮箱。输入此代码确认您的身份并登录。
步骤:
在验证您的身份页面,输入您邮箱收到的代码,然后点击登录
成功确认您的身份后,请查看以前的可疑登录信息,并通过点击是,这是我或不,这不是我来指示登录是否由您发起。
如果您点击不,这不是我,Shopify 将要求您在登录账户前重置密码,以确保您的账户安全。
登录不活跃的账户
如果您已经三个月或更长时间没有登录您的账户,那么您需要在登录过程中确认您的身份。
系统会将十位数的代码发送至您的账户邮箱。输入此代码确认您的身份并登录。
步骤:
在登录页面,输入发送至您的邮箱的代码。
点击登录。
Shopify商户官网原文详情:
Secure a compromised account
If your account has been compromised, then take action to protect your data right away.
Steps:
Log in to the email account that you use to log in to Shopify and change the password.
Log in to Shopify and change the password for your Shopify account. If you can't log in, then reset your password. If you don't receive a password reset email, then contact Shopify Support.
Enable two-step authentication for extra security when you log in. If two-step authentication is already configured and an attacker was able to defeat it, for example, they stole your device, then remove the authenication method for that device and set up two-step authentication again for a different device.
Check your banking details for Shopify Payments and update them if necessary.
Check and update your banking details for PayPal and any other payment providers you have configured.
Review your general account settings to make sure all other information is correct.
Follow government guides to protect your identity and sensitive information.
Reset blocked credentials
Because many people use the same password for more than one account and pair it with the same username or email address, if a username/password pair is exposed, then an attacker might gain access to other accounts that use the same credentials.
To reduce the risk of this happening to you, we obtain and analyze information from public data leaks. If your credentials are found in any of these leaks, then we lock your account. When you try to log in, you will see an error message until you reset your password to one that has not been compromised.
You should also use two-step authentication and password vault software to make all of your accounts as secure as possible.
Suspicious login activity
To prevent Shopify account logins from attackers, Shopify's security systems detect and lock account access when unusual activity is detected. In these cases, you need to confirm your identity as part of the login process.
A ten-digit code is sent to your account email. Enter this code to confirm your identity and log in.
Steps:
On the Verify your identity page, enter the code sent to your email and click Login.
After you successfully confirm your identity, review the previous suspicious login information and indicate if the login was made by you or not by clicking Yes, this was me or No, this wasn't me.
If you click No, this wasn't me, then Shopify requires you to reset your password to keep your account safe before logging in to your account.
Log in to an inactive account
If you haven't logged in to your account for three months or more, then you need to confirm your identity as part of the login process.
A ten-digit code is sent to your account email. Enter this code to confirm your identity and log in.
Steps:
On the login page, enter the code sent to your email.
Click Login.
文章内容来源:Shopify商户官方网站
