Account Security

Overview

Customer accounts hold saved payment methods, loyalty points, purchase history, and shipping addresses — making them high-value targets for credential-stuffing attacks and account takeovers. Effective account security layers brute-force protection on the login page, breach-exposed password detection, optional multi-factor authentication (MFA), and anomaly detection for account takeover patterns. The right approach depends heavily on your platform — Shopify manages most security controls at the platform level, while WooCommerce requires additional plugins.

When to Use This Skill

• When building a customer account system from scratch
• When auditing an existing account system for security weaknesses
• When observing credential stuffing attacks (high login failure rates from distributed IPs)
• When adding MFA as an optional or required layer for high-value customers
• When implementing "Sign in with Google/Apple" as a more secure alternative to passwords

Core Instructions

Step 1: Understand your platform's security model