account-security
Installation
SKILL.md
Account Security
Overview
Customer accounts hold saved payment methods, loyalty points, purchase history, and shipping addresses — making them high-value targets for credential-stuffing attacks and account takeovers. Effective account security layers brute-force protection on the login page, breach-exposed password detection, optional multi-factor authentication (MFA), and anomaly detection for account takeover patterns. The right approach depends heavily on your platform — Shopify manages most security controls at the platform level, while WooCommerce requires additional plugins.
When to Use This Skill
- When building a customer account system from scratch
- When auditing an existing account system for security weaknesses
- When observing credential stuffing attacks (high login failure rates from distributed IPs)
- When adding MFA as an optional or required layer for high-value customers
- When implementing "Sign in with Google/Apple" as a more secure alternative to passwords