ShopKatalog

Account Security

Learn how to secure your ShopKatalog account and protect your business

Securing Your Account

Your ShopKatalog account is the gateway to your business. Strong account security is essential to protect your shop, customer data, and business information. This guide covers the best practices and tools to keep your account safe.

πŸ” Key Principle: A secure account starts with a strong password and responsible account management.

Password Security

Creating a Strong Password

A strong password is your first line of defense:

βœ… Password Requirements

  • βœ“At least 12 characters (16+ recommended)
  • βœ“Mix of character types: uppercase, lowercase, numbers, symbols
  • βœ“Unique: Don't reuse passwords from other accounts
  • βœ“Random: Avoid birthdays, names, or dictionary words
  • βœ“Not sequential: Avoid patterns like 123456 or ABCDEF

Password Examples

❌ Weak: password123, MyShop2024, JohnDoe123

βœ… Strong: Tr0pical$Elephant#Wave2024!, B@ckup!Secur3#Database, $Print3r&Coffee#Mix2024!

Using a Password Manager

A password manager securely stores your passwords:

  • Generate and store strong, unique passwords
  • Auto-fill passwords in your browser and apps
  • Secure password sharing with team members (optional)
  • Encrypted storage with master password protection

Popular options: 1Password, Bitwarden, LastPass, KeePass

Changing Your Password

  1. Go to Account Settings β†’ Security
  2. Click "Change Password"
  3. Enter your current password
  4. Create a new strong password
  5. Confirm the new password
  6. Click "Update Password"

⚠️ When to Change Password: Immediately after signup, every 90 days, if compromised, before/after sharing access, or when leaving a team

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra security layer. Even if someone knows your password, they can't access your account without the second factor.

How 2FA Works

  1. 1Enter Username & Password - Your normal login credentials
  2. 2Enter Verification Code - Code from authenticator app or SMS
  3. 3Access Granted - You're logged in securely

Available 2FA Methods (Coming Soon)

Authenticator App

Time-based one-time passwords (TOTP)

  • β€’ Google Authenticator
  • β€’ Microsoft Authenticator
  • β€’ Authy
  • β€’ 1Password

SMS Text Message

Codes sent to your phone

  • β€’ 6-digit codes
  • β€’ Valid for 5 minutes
  • β€’ Requires active phone number

Recovery Codes

When you enable 2FA, you'll receive recovery codes. Store them safely:

  • ⚠️Save recovery codes in a safe place (password manager, safe, etc.)
  • ⚠️Don't share recovery codes with anyone
  • ⚠️Use them if you lose access to your 2FA device

Login Security Best Practices

Safe Login Practices

  • βœ“Use HTTPS: Always access ShopKatalog via https://shopkatalog.com (check the lock icon)
  • βœ“Verify URL: Bookmark the site to avoid typosquatting
  • βœ“Public Computer: Use "public computer" mode and always logout
  • βœ“Keep Browser Updated: Regular updates include security patches
  • βœ“Antivirus Software: Keep your device protected from malware
  • βœ“Secure Network: Avoid public WiFi for sensitive account access
  • βœ“Logout Properly: Click logout instead of just closing browser

Phishing & Scam Protection

Phishing attacks try to trick you into revealing your password. Here's how to stay safe:

Warning Signs of Phishing

  • 🚩Email asking you to "verify" your password or payment info
  • 🚩Urgent action required - threatens account suspension or closure
  • 🚩Generic greeting like "Dear User" instead of your name
  • 🚩Suspicious email address (not @shopkatalog.com)
  • 🚩Links don't go to ShopKatalog domains
  • 🚩Poor grammar and spelling mistakes
  • 🚩Unsolicited attachments or requests to click links

What To Do If You Suspect Phishing

  1. Don't click any links or download attachments
  2. Don't reply to the email
  3. Report it by forwarding to security@shopkatalog.com
  4. Delete the email
  5. Go directly to ShopKatalog by typing the URL yourself
  6. Check your account for unauthorized access

πŸ’‘ Remember: ShopKatalog will never ask for your password via email or phone. We never send unsolicited login links.

Managing Account Access

Active Sessions

Monitor where your account is logged in:

  1. Go to Account Settings β†’ Security β†’ Active Sessions
  2. See all devices where you're logged in
  3. Logout from any unrecognized devices
  4. Logout from all other sessions if needed

Login Activity

Review recent login attempts:

  • See when your account was accessed
  • Know which devices and locations logged in
  • Identify suspicious login attempts
  • Get alerts for unusual activity

Connected Devices

Manage apps and devices with access:

  1. Go to Account Settings β†’ Security β†’ Connected Devices
  2. Review all apps with access to your account
  3. Revoke access from apps you no longer use
  4. Check permissions for each connected app

Account Recovery

What to do if you've lost access to your account:

Forgot Password

  1. Go to login page and click "Forgot Password"
  2. Enter your registered email address
  3. Check your email for reset link
  4. Click the link (valid for 1 hour)
  5. Create a new strong password
  6. Log in with new password

Account Locked

If you enter wrong password too many times:

  • Your account is temporarily locked for security
  • Wait 30 minutes before trying again, OR
  • Use "Forgot Password" to reset immediately
  • You'll receive a security notification

Compromised Account

If you think your account has been hacked:

  1. Immediately change your password
  2. Review Account Settings β†’ Security β†’ Login Activity
  3. Logout all other sessions
  4. Enable two-factor authentication
  5. Contact support if you notice suspicious activity
  6. Check customer information for unauthorized changes

🚨 Emergency: Contact support immediately at security@shopkatalog.com if you believe your account is compromised

Common Questions

How often should I change my password?

We recommend changing your password every 90 days. Change immediately if you suspect compromise or after sharing access with someone.

Is it safe to use the "Remember Me" feature?

"Remember Me" is safe on personal devices. Avoid it on shared or public computers. The session is encrypted and automatically expires.

Can I have multiple people access one account?

It's not recommended to share one account. Each team member should have their own account. We're working on team/admin features.

What if I lose my 2FA device?

Use your saved recovery codes to login. Then disable 2FA and set it up again on your new device. Keep recovery codes safe!

Next Steps

Data Security β†’

Learn how your data is protected

Account Settings β†’

Manage your account information

Was this article helpful?

Need more help? Contact our support team