Shopify Plus store owners can now log in without a password with the help of Passkeys support launched by the OwnID plugin. This will increase conversion and reduce the drop rate. It is a low-code way to add passwordless authentication to a Shopify store. Merchants can now log in on any device with a single click, as the technology eliminates the need to remember or even create passwords. OwnID, the provider of passwordless infrastructure for the internet, is available free of cost for up to 10,000 logins per month. Earlier, OwnID released a no-code WordPress plugin.
The Passkeys support will help Shopify Plus store owners reduce user drop-offs by 35 percent and improve the conversion rate by 20 percent or more, states the press release, citing case studies. Eliminating passwords allows store owners to streamline the purchase flow and reduce user drop-off rates, both of which play crucial roles in e-commerce.
Earlier this year, Apple, Google and Microsoft joined hands with the FIDO Alliance and the World to work on removing passwords for user authentication across the platforms. Apple announced its own implementation of this standard called Passkey. Microsoft and Google released similar statements announcing their own Passkeys implementation.
Steps to Add Passwordless Support to the Website
Shopify Plus merchants who want to go passwordless simply need to allow multipass login in their store and then connect the Shopify plugin to the OwnID console using an API key. Below are the four steps that store owners need to follow for passwordless support:
Step 1 – Enable Multipass login in Shopify admin
- For this, merchants need to log in to their Shopify admin and then go to Settings > Checkout and accounts page. Then, click on the Customer accounts section and make sure that you have selected “Allow customers to log in from online store and checkout”.
- Choose Enable Multipass. Once enabled, you will get a secret which you will require during the OwnID onboarding process. Do not share it with anyone.
Step 2 – Generate and get your Shopify API Access Token
To use OwnID Shopify integration, merchants will need the URL of their Shopify store and an API access token. In case you do not know how to find an API access token, go through the below-mentioned steps carefully.
First, enable a custom app from the Shopify owner’s account. For this you need to:
- Log in to your store as the owner.
- Go to the left sidebar and choose Apps in the admin section.
- Select Apps and sales channels settings from the dropdown menu.
- Now select Develop apps for your store.
- Choose Allow Custom App Development in the next two screens.
- Now click on Create an app. In the App developer text box, you will be required to share your email address and give a name to your app.
- Go to the Configuration tab and click on Configure in the Admin API Integration section.
- You will find many categories under Admin API access scopes. Go to the search bar and type Customers. Now, tick the boxes for ‘write_customers’ and ‘read_customers’, and click on Save.
- Visit API Credentials and select Install in the Access tokens box. You will find your Admin API Access Token has been created. Click Reveal token once to see it. Use this access token while onboarding in the OwnID console.
Step 3: Create OwnID Application
Having an OwnID application is a must for every website integrating with OwnID. Here’s how to create an OwnID application:
- Go to the OwnID console and log in to your existing account or create an account.
- Click on Create Application and then choose Shopify Plus Integration.
- Now you need to complete the integration steps by using Shopify Multipass secret and API Access Token.
Step 4: Add OwnID button to Login and Registration forms
In this last step, you have to complete the integration by adding a passwordless button to the login and registration forms. For this, you have to edit three pages of the Shopify theme. Here’s how:
- Go to Online Store and then click on Themes
- Now select Actions and then go to Edit code. You will find a directory of theme files on the left side of your screen. You will also get to view and edit those files on the right side.
- See the left panel and select folder Layout. Now choose file theme.liquid and put the script mentioned below in the file:
- In the folder Sections, choose the file main-login.liquid and after your login form, put the code mentioned below:
- Then, inside the same folder Sections, choose the file main-register.liquid. Put the input mentioned below after the password field element inside the registration form:
- Put the code mentioned below after the registration form in the same file:
- Finally, save all the changes you have made and enjoy Shopify Plus passwordless authentication!
Shopify And Password Threat
A report published by Specops in September this year stated that Shopify’s password policies are weak on the customer-facing front of its website. The minimum requirement of Shopify is that passwords should have at least five characters and there shouldn’t be a space at the beginning or at the end.
After analysing one billion breached passwords, researchers at Specops concluded that 99.7 percent adhere to Shopify’s requirements. Lunabelle, luckygurl, loveok, lovehate16 and login666, among others, are some examples of breached passwords that meet these requirements.
Moreover, Shopify allows the use of the word ‘Shopify’ in the passwords, thus, making passwords more vulnerable to hackers. Researchers found 18 passwords with names like shshopify, myshopify, shopify123, shopifyseoexpert and shopify. Though Shopify provides two-factor authentication (2FA), it is not required while creating an account on the platform. This simply means that the e-commerce giant doesn’t perform a compromised password check.
It should be noted that the research doesn’t suggest that the passwords of Shopify customers have been breached. However, multiple breached passwords follow Shopify’s minimum requirements, thus posing a huge risk related to weak passwords.
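The gap the Specops report describes, shown as an added example (not code from Shopify, Specops or OwnID): the minimum rule as stated above, next to a stricter check that also rejects the service name and consults a breached-password set. The 12-character minimum, the function names and the in-memory breach index built from the passwords quoted in this article are assumptions for illustration.

```python
import hashlib

# Passwords the article quotes as breached yet acceptable under the minimum rule.
ARTICLE_SAMPLES = ["Lunabelle", "luckygurl", "loveok", "lovehate16", "login666",
                   "shshopify", "myshopify", "shopify123", "shopifyseoexpert",
                   "shopify"]

def minimal_policy(pw):
    """Rule as the article states it: >= 5 characters, no leading/trailing space."""
    return len(pw) >= 5 and pw == pw.strip(" ")

def sha1_hex(pw):
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()

def build_breach_index(passwords):
    """Group SHA-1 hashes by 5-character prefix (k-anonymity style range lookup)."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index

# Constructed stand-in for a real breached-password corpus (assumption).
BREACH_INDEX = build_breach_index(ARTICLE_SAMPLES)

def is_breached(pw, index=BREACH_INDEX):
    digest = sha1_hex(pw)
    return digest[5:] in index.get(digest[:5], set())

def hardened_policy(pw, min_length=12, context_words=("shopify",)):
    """Return the reasons for rejection; an empty list means the password passes."""
    reasons = []
    if pw != pw.strip(" "):
        reasons.append("leading or trailing space")
    if len(pw) < min_length:  # min_length is an assumed value, not Shopify's
        reasons.append(f"shorter than {min_length} characters")
    for word in context_words:
        if word in pw.lower():
            reasons.append(f"contains service name '{word}'")
    if is_breached(pw):
        reasons.append("found in breached-password set")
    return reasons

def compare(passwords):
    """Map each password to (passes minimal rule, hardened rejection reasons)."""
    return {pw: (minimal_policy(pw), hardened_policy(pw)) for pw in passwords}

if __name__ == "__main__":
    for pw, (weak_ok, reasons) in compare(ARTICLE_SAMPLES).items():
        print(f"{pw!r}: minimal={'accept' if weak_ok else 'reject'}; "
              f"hardened={'accept' if not reasons else '; '.join(reasons)}")
```
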
One of the advantages of using Shopify is that store owners do not need to handle their own payment card gateways. The platform does the transaction processing on behalf of the customers, thus shielding merchants from several PCI regulations. As per PCI standards, merchants have to protect stored cardholder data, but when the payment processing is outsourced, the retailer is no longer in possession of customers’ data.
What is Shopify Plus
Launched in 2014, Shopify Plus is an extension of the original offering. It offers better control and a wide range of choices. Besides all the basic standard features offered by Shopify’s basic plans, Shopify Plus has additional resources to assist merchants to boost their revenue and sales. Shopify Plus store owners can manage all the stores from a single location. It also supports additional application programming interface (API) calls that enable merchants to integrate with custom apps.
Store owners also get access to advanced apps specially made for high-growth businesses. Besides additional integrations and permissions, store owners can use Shopify POS Pro, Merchant Success Program, Shopify Plus Partner Program and a Shopify Plus Community on Facebook.
Shopify Plus has a complex pricing system. Merchants need to pay final fees on the basis of sales volumes. A minimum sum of $2,000 per month is supposed to be paid for standard setups and integrations. Once $800,000 in sales per month is done, Shopify Plus switches to the revenue-based model, which is a maximum $40,000 per month.
About OwnID
OwnID, based in Tel Aviv, Israel, was founded by Dor Shany and Rooly Eliezerov in June 2021. It replaces traditional passwords with biometric authentication. Users log in to the website with their phone, which has its own unlock mechanism like faceID, fingerprint, passcode, etc.
Those accessing it on a desktop need to register and log in using a phone camera to scan a QR code. The authentication flow doesn’t need the installation of any app as it is web-based. Nestle, Delonghi, Carrefour and Carnival Cruise Line, among others, use the passwordless solution of OwnID.