Shopify’s New Customer Accounts & Email OTP

Shopify has changed how customers log in, and this affects any app that relies on login-protected content – including B2B Lock.

This section explains:

• What changed in Shopify’s login system

• How it impacts B2B Lock’s login-based rules

• What to do if you still need the classic email + password login

1. What changed in Shopify login

Shopify is rolling out New Customer Accounts, where customers log in using:

• Their email address, and

• A one-time 6-digit code (OTP) sent to that email

This means:

• No password is required – customers authenticate by confirming access to their email inbox.

• Shopify is gradually moving away from the old email + password login experience.

• New themes are built for the Email + OTP flow by default.

• Even if you switch back to “Legacy Customer Accounts” in Shopify settings, your theme may still show the new OTP-style login.

• In the long term, Shopify is expected to fully deprecate the classic password login.

For merchants, the key idea is:

Authentication is now Email + OTP first, passwords second (or not at all).

2. How this affects B2B Lock’s login-protected content

B2B Lock does not replace Shopify’s authentication. It simply checks: “Is this visitor logged in?” and “What tags/attributes do they have?”

Because of that:

• All rules that use “If the customer is signed in” still work as expected.

• All rules that use customer tags, specific customer emails, or other customer-based conditions still work as long as the customer is correctly authenticated and tagged.

What changes is the login experience:

• When B2B Lock shows a “Login to access” message and the customer clicks login, they may land on Shopify’s Email + OTP login page instead of a classic email + password form.

• For most stores, this is fine (and recommended by Shopify for security and compatibility with Shop Pay and Shopify B2B).

Impact on typical B2B Lock scenarios

• Hide prices from guest users

  • Still works: guests see no prices; logged-in customers (via OTP) see prices.

• Lock pages/collections for logged-in or tagged customers

  • Still works: rules check login state and tags, not the login method.

• Entire website locked for B2B customers only

  • Still works: once a customer logs in via Email + OTP and has the right tags, they pass your rules.

The main thing to be aware of is UX expectations: if your message says “Enter your password to log in”, but the customer sees an OTP screen, this can cause confusion. It’s better to use neutral language like “Log in to your account” or “Check your email for a login code”.

3. If you still want classic password login

Some merchants – especially B2B merchants – still prefer to use email + password for at least part of their flow, for example:

• Long-term wholesale customers who are used to passwords

• Internal staff or B2B accounts with shared credentials

• Systems where you want a more traditional login model

For these cases:

1. BSS Commerce B2B offers a free setup service

   • The team can help you bring back a classic-style password login form tailored to your theme, even if your theme is built for Email + OTP.

   • This is done as a custom implementation on your storefront.

2. There is also a technical guide for manual setup

   • For devs or advanced store owners, there’s a “Manual Setup: Display Password Login Form in Your Theme” guide that walks through adding a legacy-style login form via theme code.

   • This approach may require basic Liquid/theme editing and may not perfectly match your theme’s native styling.

Important notes:

• This is a compatibility / UX layer; the underlying direction from Shopify is still toward Email + OTP.

• In the long run, you should plan for customers to be comfortable with OTP login, even if you keep a password form for now.

To request the free setup, you can contact the BSS Commerce team (chat in-app or email [email protected]) and mention that you want to keep password login instead of Email + OTP.

4. Recommended best practices

Here’s how we suggest thinking about logins going forward:

If you’re using Shopify’s New Customer Accounts (Email + OTP)

• Keep using login-based rules in B2B Lock (e.g. “customer is signed in”, tag-based access).

• Update lock messages to avoid password-specific language:

  • Use: “Log in to your account to continue.”

  • Avoid: “Enter your password to continue.”

• Make sure your B2B registration/approval flow creates actual Shopify customers and applies the correct tags. Once they log in via OTP, B2B Lock will recognize them.

If you’re temporarily staying on Legacy Customer Accounts

• Be aware that some themes may still show OTP-style login screens even with legacy mode enabled.

• If consistent password login is critical:

  • Use the free custom setup or the manual guide to bring back the classic login form.

• Treat this as an intermediate phase and plan for eventual migration to the new account model.

For all B2B Lock users

• Remember that B2B Lock:

  • Doesn’t manage passwords or OTPs itself.

  • Relies on Shopify’s login system and customer records.

  • Continues to enforce your rules correctly as long as the customer is recognized by Shopify as logged in and has the right tags/attributes.

By understanding Shopify’s new Email + OTP model and aligning your B2B Lock messages and flows with it, you can keep your login-protected content secure while giving customers a modern, low-friction login experience.