Passwordless login and sign-up using Shopify Multipass
Transform your customer login experience with Rivo's passwordless authentication system. Instead of remembering passwords, your customers can quickly and securely access their accounts using one-time email codes or alternative login methods like Google, Apple, and Shop Pay.
✨ Passwordless login is available exclusively for Shopify Plus merchants and requires Multipass to be enabled in your Shopify admin. Learn about Shopify Multipass →
Why use passwordless login?
Passwordless authentication offers significant benefits for both you and your customers:
Improved customer experience: No more forgotten passwords or complex login processes
Higher conversion rates: Reduce friction in the login process to increase account creation and engagement
Enhanced security: One-time codes are more secure than reused passwords
Reduced support tickets: Eliminate password reset requests and login issues
Mobile-friendly: Perfect for customers shopping on mobile devices
Enabling Multipass in Shopify & Rivo
Here’s how to enable it on your Shopify store:
Open your Shopify admin and go to Settings > Customer accounts
Scroll down to find the Multipass section and click Turn on – this will create a Multipass secret
Open Rivo: Loyalty & Referrals and go to Settings > Multipass Login
Enter your Multipass secret in the field
Optional: Edit your Multipass page translation and design
Click Save.
💡 Pro Tip: For supporting documentation, see Shopify Multipass Documentation.
How passwordless login works
Rivo's passwordless login system uses a secure one-time code (OTC) process:
Customer login flow
Customer enters their email address on your login page
Rivo sends a 4-digit verification code to their email
Customer enters the code to access their account
They're automatically logged in and redirected to their desired page
Auto-login for returning customers
For an even smoother experience, returning customers can be automatically logged in when they click email links from your marketing campaigns. This feature works with popular email platforms and eliminates the need for any login steps.
Alternative login methods
In addition to email codes, customers can also log in using:
Google: Sign in with their Google account
Apple: Use Apple ID for secure authentication
Shop Pay: Quick login through Shopify's Shop Pay system
Contact your account manager to enable these alternative login methods.
Customizing your login experience
Rivo provides extensive customization options to match your brand and optimize the user experience:
Text and messaging
Customize all text that appears during the login process:
Login title: The main heading on the login form (default: "Login with an email")
Email placeholder: Placeholder text in the email field (default: "email")
Login button text: Text on the submit button (default: "Get Login Code")
Verification title: Heading on the code entry page (default: "Enter the code we just sent to #{{email}}")
Verify button text: Text on the verification button (default: "Verify Code")
Help text: Links for customers having issues
Email customization
Personalize the verification emails sent to customers:
Shop name: How your store name appears in emails
Email subject: Custom subject line (supports variables like #{{shop_name}} and #{{code}})
Email body: Complete custom email template with your branding
Verification link option: Allow customers to click a link instead of entering a code
Design and styling
Match your brand's look and feel:
Background color: Set the main background color for login forms
Button styling: Custom CSS classes for primary and secondary buttons
Custom CSS: Add your own CSS for complete design control
Advanced settings
Code expiration: Set how long verification codes remain valid (default: 5 minutes)
Email validation: Enable strict email format validation
Return path: Specify where customers are redirected after login
Marketing opt-in: Allow customers to subscribe to marketing during login
Security features
Rivo's passwordless login includes robust security measures to protect your customers and prevent abuse:
Time-limited codes: Verification codes expire automatically (configurable from 1-60 minutes)
IP address monitoring: Suspicious IP addresses are automatically blocked
Email validation: Optional strict email format checking to prevent invalid addresses
Rate limiting: Prevents spam and abuse attempts
Secure token generation: Uses cryptographically secure random codes
Domain blacklisting: Blocks known problematic email domains
Customizing your login experience
Rivo provides extensive customization options to match your brand and optimize the user experience:
Text and messaging
Customize all text that appears during the login process:
Login title: The main heading on the login form (default: "Login with an email")
Email placeholder: Placeholder text in the email field (default: "email")
Login button text: Text on the submit button (default: "Get Login Code")
Verification title: Heading on the code entry page (default: "Enter the code we just sent to #{{email}}")
Verify button text: Text on the verification button (default: "Verify Code")
Help text: Links for customers having issues
Email customization
Personalize the verification emails sent to customers:
Shop name: How your store name appears in emails
Email subject: Custom subject line (supports variables like #{{shop_name}} and #{{code}})
Email body: Complete custom email template with your branding
Verification link option: Allow customers to click a link instead of entering a code
Design and styling
Match your brand's look and feel:
Background color: Set the main background color for login forms
Button styling: Custom CSS classes for primary and secondary buttons
Custom CSS: Add your own CSS for complete design control
Advanced settings
Code expiration: Set how long verification codes remain valid (default: 5 minutes)
Email validation: Enable strict email format validation
Return path: Specify where customers are redirected after login
Marketing opt-in: Allow customers to subscribe to marketing during login
Security features
Rivo's passwordless login includes robust security measures to protect your customers and prevent abuse:
Time-limited codes: Verification codes expire automatically (configurable from 1-60 minutes)
IP address monitoring: Suspicious IP addresses are automatically blocked
Email validation: Optional strict email format checking to prevent invalid addresses
Rate limiting: Prevents spam and abuse attempts
Secure token generation: Uses cryptographically secure random codes
Domain blacklisting: Blocks known problematic email domains
Best practices
Follow these recommendations to optimize your passwordless login experience:
Setup recommendations
Keep default expiration time: 5 minutes provides good balance between security and usability
Enable email validation: Reduces failed login attempts from invalid email addresses
Customize email templates: Use your brand voice and include clear instructions
Set up alternative login methods: Provide options for customers who prefer social login
Customer communication
Clear instructions: Make sure customers understand they'll receive an email with a code
Check spam folders: Remind customers to check their spam/junk folders
Provide alternatives: Always offer a way to contact support if login fails
Mobile optimization: Ensure the login process works smoothly on mobile devices
Monitoring and optimization
Track verification rates: Monitor how many customers successfully complete the login process
Review failed attempts: Identify common issues and improve the experience
Test regularly: Ensure the login process works correctly across different devices and email providers
Best practices
Follow these recommendations to optimize your passwordless login experience:
Setup recommendations
Keep default expiration time: 5 minutes provides good balance between security and usability
Enable email validation: Reduces failed login attempts from invalid email addresses
Customize email templates: Use your brand voice and include clear instructions
Set up alternative login methods: Provide options for customers who prefer social login
Customer communication
Clear instructions: Make sure customers understand they'll receive an email with a code
Check spam folders: Remind customers to check their spam/junk folders
Provide alternatives: Always offer a way to contact support if login fails
Mobile optimization: Ensure the login process works smoothly on mobile devices
Monitoring and optimization
Track verification rates: Monitor how many customers successfully complete the login process
Review failed attempts: Identify common issues and improve the experience
Test regularly: Ensure the login process works correctly across different devices and email providers
Troubleshooting
Common issues and solutions for passwordless login:
Common customer issues
Customer doesn't receive the verification email
Check spam/junk folders
Verify the email address was entered correctly
Ensure your store's email domain isn't blacklisted
Try requesting a new code
Verification code doesn't work
Check if the code has expired (default: 5 minutes)
Ensure the customer is entering the most recent code
Verify there are no extra spaces or characters
Login page doesn't appear
Confirm Multipass is enabled in Shopify admin
Verify the Multipass secret is correctly configured in Rivo
Check that your Shopify plan includes Multipass (Shopify Plus required)
Setup and configuration issues
Multipass secret not working
Double-check the secret was copied correctly from Shopify admin
Ensure there are no extra spaces or characters
Try regenerating the secret in Shopify and updating it in Rivo
Customers redirected to wrong page after login
Check the "Return Path" setting in your Multipass configuration
Verify the URL format is correct (should start with /)
Test the redirect path manually to ensure it exists
Email customization not appearing
Save your settings after making changes
Test with a new login attempt to see updated emails
Check that custom email templates use correct variable syntax (#{{variable_name}})
Frequently asked questions
Do I need Shopify Plus to use passwordless login?
Yes, passwordless login requires Shopify's Multipass feature, which is only available on Shopify Plus plans.
How long do verification codes last?
By default, verification codes expire after 5 minutes. You can adjust this from 1 to 60 minutes in your Multipass settings.
Can customers still use regular passwords?
Yes, passwordless login works alongside traditional password-based login. Customers can choose their preferred method.
What happens if a customer enters the wrong code?
They'll see an error message and can request a new code. There are built-in protections against repeated failed attempts.
Can I customize the verification emails?
Yes, you can customize the subject line, email body, and even create completely custom email templates with your branding.
How do I enable Google, Apple, or Shop Pay login?
These alternative login methods require additional setup. Contact your account manager to enable these features for your store.
Is passwordless login secure?
Yes, passwordless login is often more secure than traditional passwords because it uses time-limited codes and eliminates the risk of password reuse or weak passwords.
Can I track passwordless login usage?
Yes, Rivo provides analytics on login attempts, verification rates, and other metrics to help you optimize the experience.
What if customers don't receive the verification email?
Common solutions include checking spam folders, verifying the email address, and ensuring your email domain has good deliverability. You can also enable the verification link option as an alternative.
Need help?
If you need assistance setting up or troubleshooting passwordless login, our support team is here to help:
Email us at [email protected]
Use the chat widget in your Rivo admin
Contact your dedicated account manager (Plus plan customers)
When contacting support, please include:
Your store domain
Description of the issue
Steps you've already tried
Screenshots if applicable