MerchantFlow Account Security Guide
Learn how MerchantFlow protects your account with email verification, two-factor authentication (2FA), backup codes, and session security.
MerchantFlow account security protects your e-commerce analytics workspace through a layered approach that includes email verification, password protection, and authenticator-based two-factor authentication (2FA). These measures safeguard your financial data, integrations, and team access.
How Email Verification Works
MerchantFlow sends a verification email after signup.
Verification matters because:
- It confirms the address used for workspace ownership and notifications
- Stripe checkout requires a verified email before a payment method can be added
- It reduces the risk of abandoned or mis-addressed accounts
How Two-Factor Authentication (2FA) Works
MerchantFlow uses TOTP-style 2FA with an authenticator app (such as Google Authenticator or Authy).
You are prompted to set it up when:
- You choose the direct real-data onboarding path from the web app
- You accept a team invitation
During sign-in, users with 2FA enabled are redirected to /verify-2fa.
How to Use Backup Codes
MerchantFlow provides backup codes during 2FA setup for recovery purposes. Keep them in a secure place outside the workspace.
If you regenerate backup codes, older codes are invalidated.
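The sketch below is an added illustration, not MerchantFlow's code: a generic RFC 6238 verifier showing how authenticator codes are checked and why regenerating backup codes invalidates older ones. The class name, the one-step drift window, the backup code format and the hashed storage are all assumptions.

```python
import base64, hashlib, hmac, secrets, struct

# Published RFC 6238 test key (ASCII "12345678901234567890"), base32-encoded.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical per-user 2FA state: TOTP secret plus backup codes."""
    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.last_step = -1          # highest time step already accepted
        self.backup_hashes = set()   # only hashes are stored, never the codes

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def regenerate_backup_codes(self, n=10):
        # Replacing the whole set is what invalidates every older code.
        codes = [secrets.token_hex(8) for _ in range(n)]
        self.backup_hashes = {self._digest(c) for c in codes}
        return codes                 # shown to the user once

    def verify_totp(self, code, now, step=30, drift=1):
        current = int(now) // step
        # Accept +/- `drift` steps for clock skew, but never a step that was
        # already used, so an observed code cannot be replayed.
        for s in range(max(0, current - drift), current + drift + 1):
            expected = totp(self.secret, s * step, step)
            if s > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = s
                return True
        return False

    def verify_backup(self, code):
        digest = self._digest(code)
        if digest in self.backup_hashes:
            self.backup_hashes.discard(digest)   # each backup code works once
            return True
        return False
```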
Password Management Best Practices
- Create a strong password at signup or invite acceptance
- Use the password reset flow if you lose access
- After resetting your password, continue normal sign-in and 2FA verification
How to Keep Your Workspace Sessions Safe
Use these practices for shared workspaces:
- Enable 2FA on every active operator account
- Remove ex-team members promptly
- Avoid sharing a single login across multiple people
- Keep the primary owner email current
Frequently Asked Questions
How do I enable two-factor authentication in MerchantFlow?
2FA is automatically prompted during the real-data onboarding path or when accepting a team invitation. You will use an authenticator app to scan a QR code and generate time-based verification codes.
What authenticator apps work with MerchantFlow?
MerchantFlow supports any TOTP-compatible authenticator app, including Google Authenticator, Authy, Microsoft Authenticator, and 1Password.
What should I do if I lose my authenticator device?
Use one of your backup codes to sign in. If you do not have backup codes available, contact [email protected] for account recovery assistance.
Does MerchantFlow support SMS-based 2FA?
MerchantFlow currently uses authenticator-app-based TOTP for 2FA. SMS-based verification is not available.
How do I know if my email is verified?
If you can complete Stripe checkout and access billing features, your email is verified. If billing blocks you with a verification prompt, check your inbox for the verification email.
Last updated: March 14, 2026