Task Intent: Security

Run Account Security Audit

Perform a comprehensive security audit of all admin, staff, and collaborator accounts on your Shopify store to identify vulnerabilities and enforce best practices.

Prompts

Copy, adapt, and run this directly in Shopify Sidekick.

Help me run a complete account security audit for my Shopify store:

Current Account Setup:

  Store owner email: [OWNER EMAIL]
  Number of staff accounts: [NUMBER]
  Number of collaborator accounts: [NUMBER]
  Third-party developer accounts: [NUMBER]
  Last security review date: [DATE OR NEVER]


Staff Account Audit:

  List all active staff accounts with their assigned permissions
  Identify accounts with full admin access – do they all need it?
  Flag accounts that have not logged in for [PERIOD, e.g., 90 days]
  Check if any staff accounts use shared or generic email addresses
  Verify each account has two-factor authentication enabled
  Review if permissions follow the principle of least privilege


Permission Review:

  Map each staff role to the minimum permissions required
  Recommend permission sets for: [ROLES, e.g., fulfillment, customer service, marketing]
  Identify over-privileged accounts and recommend downgrades
  Document which accounts can access payment and financial data


Collaborator and App Access:

  List all active collaborator accounts and their access scope
  Identify collaborator accounts that should be deactivated
  Review all installed apps and their permission scopes
  Flag apps with access to sensitive data (customer info, payments, admin)
  Remove apps that are no longer in use


Password and Authentication:

  Enforce strong password requirements for all accounts
  Check for accounts using passwords older than [PERIOD, e.g., 6 months]
  Verify recovery email addresses are current and valid
  Test account recovery procedures


Deliverables:

  Complete account inventory with risk assessment
  List of immediate actions (deactivate, reduce permissions, enable 2FA)
  Recommended security policies for ongoing account management
  Schedule for next audit: [FREQUENCY, e.g., quarterly]

Tips to Improve Results

Copy the prompt above
Open Shopify Sidekick in your Shopify admin
Paste the prompt and replace the bracketed placeholders with your details
Review Sidekick's response and apply the suggestions
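
The Staff Account Audit checks in the prompt (missing 2FA, full admin access, shared or generic email addresses, no login within the chosen period) can also be applied to an account inventory you compile yourself. The following is an added example, not part of the original prompt and not Shopify or Sidekick code; the field names, the generic-mailbox list and the sample accounts are constructed assumptions, not a Shopify export format.

```python
from datetime import date

# Constructed sample inventory; field names are assumptions for this example.
ACCOUNTS = [
    {"email": "owner@example.com", "role": "owner", "full_admin": True,
     "two_factor": True, "last_login": "2024-05-28"},
    {"email": "info@example.com", "role": "customer service", "full_admin": True,
     "two_factor": False, "last_login": "2024-05-30"},
    {"email": "dana@example.com", "role": "fulfillment", "full_admin": False,
     "two_factor": True, "last_login": "2024-01-10"},
    {"email": "agency@example.net", "role": "collaborator", "full_admin": False,
     "two_factor": True, "last_login": None},
]

# Assumed list of mailbox names that usually indicate a shared address.
GENERIC_LOCAL_PARTS = {"admin", "info", "support", "sales", "team",
                       "shop", "store", "orders", "hello", "contact"}

def audit_account(acct, today, max_idle_days=90):
    """Return the audit findings for one account, in checklist order."""
    findings = []
    if not acct["two_factor"]:
        findings.append("no_2fa")
    # Full admin on a non-owner account is a review item, not proof of a problem.
    if acct["full_admin"] and acct["role"] != "owner":
        findings.append("full_admin")
    if acct["email"].split("@", 1)[0].lower() in GENERIC_LOCAL_PARTS:
        findings.append("shared_email")
    last = acct["last_login"]
    # An account that has never logged in is treated as inactive.
    if last is None or (today - date.fromisoformat(last)).days > max_idle_days:
        findings.append("inactive")
    return findings

def immediate_actions(accounts, today, max_idle_days=90):
    """Map email -> findings for flagged accounts, most findings first."""
    report = {a["email"]: audit_account(a, today, max_idle_days) for a in accounts}
    flagged = {email: f for email, f in report.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for email, findings in immediate_actions(ACCOUNTS, date(2024, 6, 1)).items():
        print(f"{email}: {', '.join(findings)}")
```

Passing the audit date explicitly keeps the result reproducible, so the same inventory can be re-checked at the next scheduled audit and the two reports compared.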