Skip to main content

Passwordless login and sign-up using Shopify Multipass

Enable a one-step signup process for your Loyalty and Memberships program

James Dohm avatar
Written by James Dohm
Updated over 2 weeks ago

Passwordless login and sign-up using Shopify Multipass

Transform your customer login experience with Rivo's passwordless authentication system. Instead of remembering passwords, your customers can quickly and securely access their accounts using one-time email codes or alternative login methods like Google, Apple, and Shop Pay.

✨ Passwordless login is available exclusively for Shopify Plus merchants and requires Multipass to be enabled in your Shopify admin. Learn about Shopify Multipass →


Why use passwordless login?

Passwordless authentication offers significant benefits for both you and your customers:

  • Improved customer experience: No more forgotten passwords or complex login processes

  • Higher conversion rates: Reduce friction in the login process to increase account creation and engagement

  • Enhanced security: One-time codes are more secure than reused passwords

  • Reduced support tickets: Eliminate password reset requests and login issues

  • Mobile-friendly: Perfect for customers shopping on mobile devices


Enabling Multipass in Shopify & Rivo

Here’s how to enable it on your Shopify store:

  1. Open your Shopify admin and go to Settings > Customer accounts

    Customer Accounts settings
  2. Scroll down to find the Multipass section and click Turn on – this will create a Multipass secret

    Multipass settings
  3. Open Rivo: Loyalty & Referrals and go to Settings > Multipass Login

    Rivo's Multipass Login page
  4. Enter your Multipass secret in the field

  5. Optional: Edit your Multipass page translation and design

  6. Click Save.

💡 Pro Tip: For supporting documentation, see Shopify Multipass Documentation.


How passwordless login works

Rivo's passwordless login system uses a secure one-time code (OTC) process:

Customer login flow

  1. Customer enters their email address on your login page

  2. Rivo sends a 4-digit verification code to their email

  3. Customer enters the code to access their account

  4. They're automatically logged in and redirected to their desired page

Auto-login for returning customers

For an even smoother experience, returning customers can be automatically logged in when they click email links from your marketing campaigns. This feature works with popular email platforms and eliminates the need for any login steps.

Alternative login methods

In addition to email codes, customers can also log in using:

  • Google: Sign in with their Google account

  • Apple: Use Apple ID for secure authentication

  • Shop Pay: Quick login through Shopify's Shop Pay system

Contact your account manager to enable these alternative login methods.


Customizing your login experience

Rivo provides extensive customization options to match your brand and optimize the user experience:

Text and messaging

Customize all text that appears during the login process:

  • Login title: The main heading on the login form (default: "Login with an email")

  • Email placeholder: Placeholder text in the email field (default: "email")

  • Login button text: Text on the submit button (default: "Get Login Code")

  • Verification title: Heading on the code entry page (default: "Enter the code we just sent to #{{email}}")

  • Verify button text: Text on the verification button (default: "Verify Code")

  • Help text: Links for customers having issues

Email customization

Personalize the verification emails sent to customers:

  • Shop name: How your store name appears in emails

  • Email subject: Custom subject line (supports variables like #{{shop_name}} and #{{code}})

  • Email body: Complete custom email template with your branding

  • Verification link option: Allow customers to click a link instead of entering a code

Design and styling

Match your brand's look and feel:

  • Background color: Set the main background color for login forms

  • Button styling: Custom CSS classes for primary and secondary buttons

  • Custom CSS: Add your own CSS for complete design control

Advanced settings

  • Code expiration: Set how long verification codes remain valid (default: 5 minutes)

  • Email validation: Enable strict email format validation

  • Return path: Specify where customers are redirected after login

  • Marketing opt-in: Allow customers to subscribe to marketing during login


Security features

Rivo's passwordless login includes robust security measures to protect your customers and prevent abuse:

  • Time-limited codes: Verification codes expire automatically (configurable from 1-60 minutes)

  • IP address monitoring: Suspicious IP addresses are automatically blocked

  • Email validation: Optional strict email format checking to prevent invalid addresses

  • Rate limiting: Prevents spam and abuse attempts

  • Secure token generation: Uses cryptographically secure random codes

  • Domain blacklisting: Blocks known problematic email domains


Customizing your login experience

Rivo provides extensive customization options to match your brand and optimize the user experience:

Text and messaging

Customize all text that appears during the login process:

  • Login title: The main heading on the login form (default: "Login with an email")

  • Email placeholder: Placeholder text in the email field (default: "email")

  • Login button text: Text on the submit button (default: "Get Login Code")

  • Verification title: Heading on the code entry page (default: "Enter the code we just sent to #{{email}}")

  • Verify button text: Text on the verification button (default: "Verify Code")

  • Help text: Links for customers having issues

Email customization

Personalize the verification emails sent to customers:

  • Shop name: How your store name appears in emails

  • Email subject: Custom subject line (supports variables like #{{shop_name}} and #{{code}})

  • Email body: Complete custom email template with your branding

  • Verification link option: Allow customers to click a link instead of entering a code

Design and styling

Match your brand's look and feel:

  • Background color: Set the main background color for login forms

  • Button styling: Custom CSS classes for primary and secondary buttons

  • Custom CSS: Add your own CSS for complete design control

Advanced settings

  • Code expiration: Set how long verification codes remain valid (default: 5 minutes)

  • Email validation: Enable strict email format validation

  • Return path: Specify where customers are redirected after login

  • Marketing opt-in: Allow customers to subscribe to marketing during login


Security features

Rivo's passwordless login includes robust security measures to protect your customers and prevent abuse:

  • Time-limited codes: Verification codes expire automatically (configurable from 1-60 minutes)

  • IP address monitoring: Suspicious IP addresses are automatically blocked

  • Email validation: Optional strict email format checking to prevent invalid addresses

  • Rate limiting: Prevents spam and abuse attempts

  • Secure token generation: Uses cryptographically secure random codes

  • Domain blacklisting: Blocks known problematic email domains


Best practices

Follow these recommendations to optimize your passwordless login experience:

Setup recommendations

  • Keep default expiration time: 5 minutes provides good balance between security and usability

  • Enable email validation: Reduces failed login attempts from invalid email addresses

  • Customize email templates: Use your brand voice and include clear instructions

  • Set up alternative login methods: Provide options for customers who prefer social login

Customer communication

  • Clear instructions: Make sure customers understand they'll receive an email with a code

  • Check spam folders: Remind customers to check their spam/junk folders

  • Provide alternatives: Always offer a way to contact support if login fails

  • Mobile optimization: Ensure the login process works smoothly on mobile devices

Monitoring and optimization

  • Track verification rates: Monitor how many customers successfully complete the login process

  • Review failed attempts: Identify common issues and improve the experience

  • Test regularly: Ensure the login process works correctly across different devices and email providers


Best practices

Follow these recommendations to optimize your passwordless login experience:

Setup recommendations

  • Keep default expiration time: 5 minutes provides good balance between security and usability

  • Enable email validation: Reduces failed login attempts from invalid email addresses

  • Customize email templates: Use your brand voice and include clear instructions

  • Set up alternative login methods: Provide options for customers who prefer social login

Customer communication

  • Clear instructions: Make sure customers understand they'll receive an email with a code

  • Check spam folders: Remind customers to check their spam/junk folders

  • Provide alternatives: Always offer a way to contact support if login fails

  • Mobile optimization: Ensure the login process works smoothly on mobile devices

Monitoring and optimization

  • Track verification rates: Monitor how many customers successfully complete the login process

  • Review failed attempts: Identify common issues and improve the experience

  • Test regularly: Ensure the login process works correctly across different devices and email providers


Troubleshooting

Common issues and solutions for passwordless login:

Common customer issues

Customer doesn't receive the verification email

  • Check spam/junk folders

  • Verify the email address was entered correctly

  • Ensure your store's email domain isn't blacklisted

  • Try requesting a new code

Verification code doesn't work

  • Check if the code has expired (default: 5 minutes)

  • Ensure the customer is entering the most recent code

  • Verify there are no extra spaces or characters

Login page doesn't appear

  • Confirm Multipass is enabled in Shopify admin

  • Verify the Multipass secret is correctly configured in Rivo

  • Check that your Shopify plan includes Multipass (Shopify Plus required)

Setup and configuration issues

Multipass secret not working

  • Double-check the secret was copied correctly from Shopify admin

  • Ensure there are no extra spaces or characters

  • Try regenerating the secret in Shopify and updating it in Rivo

Customers redirected to wrong page after login

  • Check the "Return Path" setting in your Multipass configuration

  • Verify the URL format is correct (should start with /)

  • Test the redirect path manually to ensure it exists

Email customization not appearing

  • Save your settings after making changes

  • Test with a new login attempt to see updated emails

  • Check that custom email templates use correct variable syntax (#{{variable_name}})


Frequently asked questions

Do I need Shopify Plus to use passwordless login?

Yes, passwordless login requires Shopify's Multipass feature, which is only available on Shopify Plus plans.

How long do verification codes last?

By default, verification codes expire after 5 minutes. You can adjust this from 1 to 60 minutes in your Multipass settings.

Can customers still use regular passwords?

Yes, passwordless login works alongside traditional password-based login. Customers can choose their preferred method.

What happens if a customer enters the wrong code?

They'll see an error message and can request a new code. There are built-in protections against repeated failed attempts.

Can I customize the verification emails?

Yes, you can customize the subject line, email body, and even create completely custom email templates with your branding.

How do I enable Google, Apple, or Shop Pay login?

These alternative login methods require additional setup. Contact your account manager to enable these features for your store.

Is passwordless login secure?

Yes, passwordless login is often more secure than traditional passwords because it uses time-limited codes and eliminates the risk of password reuse or weak passwords.

Can I track passwordless login usage?

Yes, Rivo provides analytics on login attempts, verification rates, and other metrics to help you optimize the experience.

What if customers don't receive the verification email?

Common solutions include checking spam folders, verifying the email address, and ensuring your email domain has good deliverability. You can also enable the verification link option as an alternative.


Need help?

If you need assistance setting up or troubleshooting passwordless login, our support team is here to help:

  • Email us at [email protected]

  • Use the chat widget in your Rivo admin

  • Contact your dedicated account manager (Plus plan customers)

When contacting support, please include:

  • Your store domain

  • Description of the issue

  • Steps you've already tried

  • Screenshots if applicable

Did this answer your question?