Back office token protection

The token protection helps secure access to your back office by using tokens.


When this feature is enabled, each URL becomes specific to a customer's session, and cannot be used as-is on another browser, thus protecting any information they might have stored during that session.

By default, back office token protection is enabled.
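The behaviour described above, shown as an added example that is not PrestaShop's own code: a URL token derived from the session so that a copied URL fails in another browser. The HMAC construction, `SERVER_KEY`, the `/admin/index.php` URL layout, the controller names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical server-wide secret; a real deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def new_session_id() -> str:
    """Random identifier kept in the browser's session cookie."""
    return secrets.token_urlsafe(32)


def url_token(session_id: str, controller: str) -> str:
    """Token bound to both the session and the page it gives access to."""
    msg = f"{session_id}|{controller}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def build_url(session_id: str, controller: str) -> str:
    """Build a back office URL that carries the session-specific token."""
    query = urlencode({"controller": controller,
                       "token": url_token(session_id, controller)})
    return f"/admin/index.php?{query}"


def is_request_allowed(session_id: str, url: str) -> bool:
    """Accept the URL only if its token was issued for this session and page."""
    params = parse_qs(urlsplit(url).query)
    controller = params.get("controller", [""])[0]
    presented = params.get("token", [""])[0]
    expected = url_token(session_id, controller)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample: two separate browser sessions.
    first, second = new_session_id(), new_session_id()
    url = build_url(first, "Orders")
    print("same session:   ", is_request_allowed(first, url))
    print("other browser:  ", is_request_allowed(second, url))
    print("edited page name:", is_request_allowed(first, url.replace("Orders", "Employees")))
```
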

Configure the password policy & password strength indicator

The password policy menu allows you to configure your store's password policy by choosing between 5 increasing levels of complexity. This will allow you to decide how strict you want to be about user passwords.

Passwords are rated from 0 (Extremely guessable) to 4 (Very unguessable) based on their security score. The minimum and maximum length of passwords can be set manually.

When creating an account, front office users receive real-time cues of their chosen password’s strength according to the back office password policy. A color-coded cue as well as a tooltip will help them understand if their password is strong enough.

| Cue color | Password length | Password strength |
| | Not long enough | Not strong enough |
| | Not long enough | |
An example of a weak password (🟥,🟧)

An example of a strong password (🟩)

Manage employee and customer sessions

These tabs allow you to manage employee and customer sessions. To delete a session and sign out the user, click on the delete button in the Actions column.

To access the back office, the employee or customer will need to sign back in using their email and password.

Clear outdated Sessions

The Clear button allows you to manually delete outdated sessions to reduce database clutter.
