Security

Protect your account with strong passwords, support access controls, and good hygiene.

Last updated May 8, 2026

Your Merch account holds order history, payment methods, and access to your team. A few simple habits keep it locked down.

#Where to find security settings

Open Settings in the side nav and choose Security.

#Use a strong, unique password

Your sign-in password should be:

  • At least 12 characters long
  • Unique — not used on any other site or service
  • Generated by a password manager when possible

If you suspect your password has been seen by anyone else — for example, you typed it on a shared screen or pasted it into the wrong window — change it now. Use Forgot password on the sign-in screen, or reset it from your profile.

#Support access

Sometimes the Merch support team needs to look at your account to help diagnose an issue. The Security page has a Support Access toggle that lets you grant temporary read access for a chosen window — 1 hour, 4 hours, 24 hours, 3 days, or 7 days.

Support access:

  • Is off by default — you have to grant it
  • Expires automatically when the window ends
  • Is fully logged — every action is recorded
  • Can be revoked at any time

Use the shortest window that gets the issue solved.

#Sessions and sign-outs

You can be signed in on multiple devices at once — laptop, phone, tablet. If a device is lost or you are signing in on a borrowed machine, sign out from the avatar menu when you are done.

If you suspect your account is compromised, change your password right away. That signs out every active session and forces a fresh sign-in everywhere.

#Watch for phishing

Real Merch emails come from @merch.com addresses. We will never:

  • Ask you to email your password
  • Ask you to share full credit card numbers
  • Send you to a non-merch.com URL to sign in

If something feels off, check the sender domain and forward the email to your account team. Better paranoid than sorry.

#Keep your team list current

When a teammate leaves, remove them from the Users page so their sign-in stops working immediately. See Team and users.

#API keys count too

If you use the API, treat keys with the same care as passwords. See API keys and integrations for rotation and storage guidance.

Ready to elevate your merch?

Custom design, production, campaigns, and global fulfillment — one partner, zero platform fees. Your custom proposal in 24 hours.

Get Started