Skip to main content

Account Security

The Security & Authentication settings in Soppiya allow you to manage your contact details, password, and advanced login methods. These options are divided into four distinct sections in the left sidebar menu: Security, Authentication, PassKeys, and Devices.

Location: Accounts Dashboard

What Is Account Security?

Account Security is the control center for protecting your Soppiya account. It allows you to verify your identity, strengthen your login defenses, and monitor for unauthorized access.

  • Contact Management - Update email and phone numbers for recovery
  • Password Control - Change your password and verify email ownership
  • Two-Factor Authentication (2FA) - Add a second layer of security via mobile app
  • Passkeys - Set up biometric login for passwordless access
  • Device Monitoring - See exactly who is logged in and from where
For Store Owners

Enable 2FA (Two-Factor Authentication) immediately. It is the single most effective way to prevent unauthorized access to your store.

Quick Start Guide

To secure your account in minutes:

  1. Verify your email — Ensure the blue checkmark appears next to your email
  2. Enable 2FA — Scan the QR code with an authenticator app (Google Authenticator/Authy)
  3. Add a Passkey — Register your current device for biometric login
  4. Check Active Devices — Review the list and remove any unrecognizable sessions

For detailed instructions, continue reading below.

1. Security Settings

In the Security tab, you can manage your primary contact details and update your login credentials.

Email Verification

Email verification confirms that your primary email address belongs to you.

  • Unverified Status: You will see a blue text link Verify email next to your email address.
  • Verified Status: A blue checkmark will appear next to your email address.

Steps to Verify:

  1. Click Verify email next to your Primary email.
  2. Check your inbox for the verification link sent by Soppiya.
  3. Click the link in the email.
  4. Once verified, the blue checkmark will appear.
Verification Delay

If you do not see the email immediately, check your Spam or Junk folder. The link is time-sensitive, so please click it as soon as it arrives.

Managing Contact Details

To update any information on this page, use the Edit (Pencil) Icon located on the right side of each field.

  • Primary Email: Used for account verification and store ownership.

    1. Click the Pencil Icon next to Primary email.
    2. Enter the new email address and click Update.
    3. Action Required: You must verify the new email to complete the process.

  • Secondary Email: Acts as a backup for account recovery.

    1. Click the Pencil Icon next to Secondary email.
    2. Enter the backup email and click Save.

  • Phone Number: Used for alternative login or recovery.

    1. Click the Pencil Icon next to Phone number.
    2. Enter your number with the country code (e.g., +880...).
    3. Click Update.

Changing Password

  1. Click the Pencil Icon next to the Password field.
  2. Enter your New Password.
  3. Confirm your New Password.
  4. Click Update to save changes.
Password Strength

For maximum security, use a unique password that includes a mix of uppercase letters, numbers, and symbols. Avoid using common phrases or personal dates (like birthdays).

2. Authentication (2FA)

Navigate to the Authentication tab in the sidebar.

Two-Factor Authentication (2FA) adds an extra layer of security to your account. When enabled, logging in from a new device will require both your password and a verification code sent to your phone.

Steps to Enable 2FA:

  1. Click the Enable 2FA button.
  2. A pop-up titled Two-factor authentication will appear with a QR code.
  3. Open your preferred authenticator app (e.g., Google Authenticator, Authy) on your phone.
  4. Scan the QR code displayed on the screen.
  5. Enter the 6-digit code generated by your app into the "Authentication code" field.
  6. Click Enable.

3. PassKeys

Navigate to the PassKeys tab in the sidebar.

Passkeys allow you to log in quickly using biometrics (fingerprint/face) or device PINs, eliminating the need to type passwords.

Steps to Add a Passkey:

  1. Click the + Add this device button.
  2. Follow the browser prompt to authenticate using your device’s security method:
    • Biometrics: Fingerprint or Face Scan.
    • Hardware PIN: The unlock code for your computer or phone.
  3. The system will confirm that the passkey has been securely stored.
Device Specific

Passkeys are stored locally on the device you are currently using. If you use multiple devices (e.g., a laptop and a phone), you should add a passkey for each device separately.

4. Device Management

Navigate to the Devices tab in the sidebar.

This section provides a detailed dashboard of all devices currently logged into your Soppiya account. It allows you to monitor active sessions and verify login locations using an interactive map.

Device Information Dashboard

ElementDescription
Device & BrowserIdentifies the platform (e.g., Chrome on Windows, Mobile Chrome on Android).
StatusA Green Dot indicates an active session.
Time & LocationShows the timestamp of the last activity (e.g., Today at 4:34 pm) and the country/region (e.g., Bangladesh).
Interactive MapDisplays a visual pin of the login location.
Active SessionsLists specific network details, including the IP Address (e.g., 103.178.xx.xx).

Actions

  • View Details: Click the Eye icon to view session visibility.
  • Log Out a Device: For devices other than your current one, a Trash Can icon will appear on the right. Click this to remotely log out that specific device.
Security Alert

If you see a device, IP address, or map location you do not recognize:

  1. Immediately click the Trash icon to remove the device.
  2. Go to the Security tab and Change your Password immediately.

Real World Examples

Example 1: Securing a High-Value Store

Goal: Protect a store generating significant daily revenue.

Configuration:

  • 2FA: Enabled (Google Authenticator)
  • Secondary Email: Added (Owner's personal email)
  • Devices: Checked weekly

Why this works:

  • Even if a password is stolen, the hacker cannot log in without the 2FA code.
  • Secondary email ensures recovery is possible if the verified email is compromised.
Example 2: Managing a Remote Team

Goal: Ensure staff accounts are secure.

Configuration:

  • Device Management: Owner checks logged-in devices.
  • Passkeys: Staff encouraged to use TouchID on work laptops.

Why this works:

  • Owner can see if a login occurs from an unusual country (indicating a hack).
  • Passkeys prevent staff from using weak passwords like "password123".

Troubleshooting

I lost my 2FA Authenticator app

Possible causes:

  • Lost phone or deleted app

Solution:

  1. Use a Recovery Code (if you saved them during setup)
  2. If you don't have recovery codes, use your backup Passkey or Secondary Email if configured
  3. Contact Soppiya Support for a manual security reset (requires strict identity verification)
I see a login from a different city on the map

Possible causes:

  • Internet Service Providers (ISPs) often route traffic through main hubs
  • Actual unauthorized access

Solution:

  1. Check the Time — was it you logged in at that time?
  2. If unsure, click the Trash icon to log that session out
  3. Change your password immediately to be safe
Email verification link expired

Possible causes:

  • You waited too long to click the link

Solution:

  1. Go back to Security Settings
  2. Click Verify email again to send a fresh link
  3. Click the new link immediately
Need More Help?

If you suspect your account has been compromised, change your password immediately and contact support.

Best Practices

Security Best Practices

Authentication

  • Enable 2FA — This is non-negotiable for serious businesses
  • Use unique passwords — Never use the same password for Soppiya as your personal email
  • Set up multiple Passkeys — Add one for your phone and one for your laptop

Monitoring

  • Check Devices regularly — Make it a habit to look at the Devices tab once a month
  • Verify emails — Keep both primary and secondary emails verified
  • Update recovery info — If you change phone numbers, update your security settings immediately

Common Mistakes to Avoid

  • ❌ Disabling 2FA because it's "inconvenient"
  • ❌ Ignoring verification emails
  • ❌ Leaving old devices logged in (e.g., a phone you sold)

Summary

Account Security settings give you the tools to lock down your account and monitor for threats. From 2FA and Passkeys to active device monitoring, these features ensure your store remains under your control.

Key takeaways:

  • Verify your email to ensure you can recover your account
  • Enable 2FA for the highest level of security
  • Use Passkeys for fast, secure, passwordless logins
  • Monitor the Devices tab to spot unauthorized access
  • Act fast — if you see suspicious activity, log out the device and change your password

If you haven't enabled 2FA yet, do it now. It takes less than 2 minutes and saves you from potential hours of recovery work later.