Hi. How can we help?

Steps to take if your Retail POS (X-Series) account has been compromised

If you have received a password reset email and/or email verification email from Lightspeed that you did not request, your Retail POS may be compromised. If you suspect that someone else might be using your Retail POS account without your permission, here are the steps to secure your Retail POS account.

Step 1: Change your Retail POS password

To prevent your Retail POS account from being further compromised or accessed without your permission, we strongly recommend changing your account password.

Keep your accounts, POS, and other devices secure with strong passwords.
  • Never use default passwords
  • Do not use the same password for multiple accounts
  • Create strong passwords or use passphrases
  • Consider using a password manager
  • Use multi-factor authentication (see step 2)

To change your password, follow the steps below.

Sign in to your Retail POS account

  1. Type "secure.retail.lightspeed.app" into your browser search bar, press enter and click on Sign in at the top right
  2. Enter your store URL and click Next
  3. Enter your username and password and click Sign in
  4. Click Setup then Users and select the user you are changing the password for
  5. Scroll to the Security and ID section
  6. Under Change Password, enter your new password and again in Repeat new password
  7. Click Save changes
  8. Enter your current password in the password field and click Save these changes
    • If you are changing the password for a user other than the one you're logged into, you will need to enter the password for the user you are logged into
  9. The password change is now complete

Can’t sign in to your Retail POS account

If you are unable to gain access to your Retail POS account, complete the steps below to action a password recovery:

  1. On the sign in page, enter your Store URL and click Next
  2. Click Forgot your password?
  3. Enter your username
  4. Enter your username and click Send email
  5. A password reset email will be sent to the registered email address for the username you entered. Log in to this email address and open the email titled Reset your Retail POS password
  6. Click Reset password
  7. Enter your new password again and Confirm
  8. Click Set password
  9. The password change is now complete

Didn’t receive your password reset email? Make sure your email is verified. In your email inbox, look for a “Verify your email” email from us. This would have been sent when you first created your user.

Step 2: Add more security to your Retail POS account

Multi-factor authentication

Multi-factor authentication adds an extra layer of security to your admin user accounts.

When enabled, multi-factor authentication will require the admin user to input their existing password and a one-time password (OTP) generated via an authorized third-party authentication application.

To learn how to set up multi-factor authentication, refer to our Multi-factor authentication (MFA) in Retail POS (X-Series) guide.

Additional security

Download our POS Security guide for more tips on how to secure your store, including:

  • Beefing up physical security
  • Securing your store network
  • Keeping your software and apps in check
  • Safeguarding customer data
  • Ensuring your staff upholds your security standards

Step 3: Secure associated accounts and software

Now that your Retail POS account is secure, we strongly recommend securing any associated accounts and software.

This includes:

  • Change the password for the email your Retail POS account is registered with
  • Change the password for app integrations such as Xero and BigCommerce
  • Update your device's software to the latest version
  • Update your browser to the latest version

If you believe your account has been compromised and you can no longer sign in or use the account recovery function to regain access, contact Retail support immediately to suspend the account and investigate.


Was this article helpful?