Your Ecwid account security
Being a PCI-DSS certified e-commerce solution, Ecwid complies with the highest safety standards to keep your store safe. However, there are also things that you can do to add extra layers of security for your store account. For example, you can create a strong password for your Ecwid control panel and use different email addresses for your public contact info and for your Ecwid login.
In this article:
Use a strong password for your Ecwid login, and advise your staff accounts to do the same. When creating passwords follow these general recommendations from Google:
- Use different passwords for important accounts like your email or store account.
- Your password should consist of at least 8 characters.
- Use a mix of letters, numbers, and symbols like #, %, ?, !, etc.
- Use upper and lower case letters.
- You can try using a quote from a song/poem/movie enhanced with the above recommendations to more easily memorize a long password.
- General words from dictionaries or common expressions.
- Keyboard patterns like “qwerty” or “12345”.
- Personal information like names, addresses, ID numbers, important years, etc.
If you need to update the password for your Ecwid account to a more secure one, go to your Ecwid control panel → My Profile → Profile and enter your new password, then save the changes.
If you use Gmail or Facebook to sign in to your Ecwid account, we recommend that you enable two-step verification (also known as two-factor authentication). This will further protect your login information both for those sites and for Ecwid.
With two-factor authentication you sign in with two steps:
Step 1 - you enter your password (you know it)
Step 2 - you enter a security code (you receive it on your phone).
For Gmail: follow our instructions for enabling 2-step verification for Gmail to log into your Ecwid account.
For Facebook: if you use Facebook to log in to your Ecwid account, follow these steps to enable two-factor authentication for your Facebook account.
If you want to add other users, like fulfillment staff or a designer, to your Ecwid control panel, do not share your Ecwid login with them. Instead, create separate staff accounts for each user in your store. Staff accounts have separate logins and don't have access to your profile and billing pages.
As a store owner, periodically revise your staff account list to make sure it’s up to date and remove unnecessary staff accounts from it.
As soon as Ecwid detects a new login to your Ecwid account from a different location or device (phone or computer), we will send an email notification about unusual logins to your inbox.
If you recognize the login, you can safely ignore the notification.
Phishing is a type of online scam often used to steal personal data. Scammers send phony messages or emails to trick you into clicking on a malicious link or downloading a malicious attachment in order to steal your personal data like your login credentials or credit card details.
A phishing email appears to be sent by a legitimate company which is why it can be tricky to detect. We recommend that you do not expose your Ecwid login email in public places such as the contact address on your website. By not using your Ecwid email login publically you can help ensure that you are not contacted by scammers on that account.
You can learn more about how to detect and prevent phishing in our Preventing phishing article.