Your Sauecommerce account security

As a PCI DSS certified e-commerce solution, Sauecommerce complies with the highest safety standards to keep your store safe. However, there are also things that you can do to add extra layers of security to your store account. For example, you can create a strong password for your Sauecommerce control panel and use different email addresses for your public contact info and for your Sauecommerce login.

Use a strong password for your Sauecommerce login, and advise your staff to do the same for their accounts. When creating passwords, follow these general recommendations from Google:

Do:

  • Use different passwords for important accounts like your email or store account.
  • Your password should consist of at least 8 characters.
  • Use a mix of letters, numbers, and symbols like #, %, ?, !, etc.
  • Use upper and lower case letters.
  • You can try using a quote from a song/poem/movie enhanced with the above recommendations to more easily memorize a long password.

Don’t use:

  • General words from dictionaries or common expressions.
  • Keyboard patterns like “qwerty” or “12345”.
  • Personal information like names, addresses, ID numbers, important years, etc.

If you need to update the password for your Sauecommerce account to a more secure one, go to your Sauecommerce control panel → My Profile → Profile and enter your new password, then save the changes.

You can install a password manager to generate unique and strong passwords and to help keep them safe. Another benefit to using a password manager is that, with a password vault, you will need to remember just one master password in order to open the vault. We recommend using 1Password or LastPass.

Turn on two-factor authentication

If you use Gmail or Facebook to sign in to your Sauecommerce account, we recommend that you enable two-step verification (also known as two-factor authentication). This will further protect your login information both for those sites and for Sauecommerce.

With two-factor authentication you sign in with two steps:
Step 1 - you enter your password (you know it)
Step 2 - you enter a security code (you receive it on your phone).

For Gmail: follow our instructions for enabling 2-step verification for Gmail to log into your Sauecommerce account.

For Facebook: if you use Facebook to log in to your Sauecommerce account, follow these steps to enable two-factor authentication for your Facebook account.

If you sign up to Sauecommerce with your Facebook, Google, Apple, or PayPal account, you can unlink that third-party account on the Profile page in your Sauecommerce admin in case it’s compromised or you lose access to it.

Revise your staff list

If you want to add other users, like fulfillment staff or a designer, to your Sauecommerce control panel, do not share your Sauecommerce login with them. Instead, create separate staff accounts for each user in your store. Staff accounts have separate logins and don't have access to your profile and billing pages.

As a store owner, periodically revise your staff account list to make sure it’s up to date and remove unnecessary staff accounts from it.

Learn more about adding and removing staff accounts in your store.

React to suspicious login activity

As soon as Sauecommerce detects a new login to your Sauecommerce account from a different location or device (phone or computer), we will send an email notification about unusual logins to your inbox.

If you recognize the login, you can safely ignore the notification.

If you don't recognize the login, we recommend you reset your password immediately in case your account has been compromised. Then perform these further steps to secure your data.

Prevent phishing

Phishing is a type of online scam often used to steal personal data. Scammers send phony messages or emails to trick you into clicking on a malicious link or downloading a malicious attachment in order to steal your personal data like your login credentials or credit card details.

A phishing email appears to be sent by a legitimate company, which is why it can be tricky to detect. We recommend that you do not expose your Sauecommerce login email in public places such as the contact address on your website. By not using your Sauecommerce login email publicly, you can help ensure that you are not contacted by scammers on that account.

You can learn more about how to detect and prevent phishing in our Preventing phishing article.