...
Mandatory Two-Factor Authentication (2FA):
All CMS users must authenticate using both:A password (email + password)
A Time-Based One-Time Password (TOTP), generated through an authenticator app installed on a mobile device.
See: CMS User Login with Two-factor Authentication
Password Requirements:
Seller accounts are subject to strict password policies:Minimum length: 8 characters
At least one uppercase character (A–Z)
At least one lowercase character (a–z)
At least one non-alphanumeric character (e.g., !, @, #)
...
Third-Party Login (Microsoft, Google, Facebook)
See: Facebook Single Sign-on, Google Sign In, Microsoft Azure AD SSOMagic Link Login (a one-time secure login link sent via email)
Traditional Email + Password Login
...
Password Policies:
Sellers can set specific rules such as:Password expiration (in days)
Minimum password length
Minimum uppercase/lowercase requirements
Numeric character requirements
Restrictions on password reuse frequency
See: User Password Rules
Session Management:
Sellers can actively manage buyer sessions for added security:- Login Retry Limits: define how many retries buyers have before their accounts are locked, and how long they remain locked for
See: Login Limits & Lockouts Force Logout: Sellers may lock a buyer, immediately ending all active sessions and requiring re-login.
Password Reset Impact: When a buyer resets their password, all other active sessions are automatically ended.
- Login Retry Limits: define how many retries buyers have before their accounts are locked, and how long they remain locked for
...