E-commerce
June 30, 2026
"My password is no longer working." "I am not receiving the code." "My orders have disappeared." These tickets often arrive after a successful purchase, when the client wants to track their order or make another purchase. This is not always a bug: it is a misdiagnosed connection error.
Baymard notes that 82% of sites impose complex password rules, which are a source of abandonment for up to 18% of returning clients (Baymard, password requirements 2025). 34% of sites redirect users to the wrong page after login or reset (Baymard, login flows). Shopify is migrating towards passwordless customer accounts using a 6-digit code (Shopify, new customer accounts).
This guide #294 covers customer service support for connection errors: diagnostics, macros, legacy vs OTP, order history. It complements guest vs account (#293) and account bot (#295) with a focus on the daily human process.
Summary
Why do connection errors cost sales and support tickets?
Login is the entry point to self-service: orders, returns, addresses, repurchasing. When it fails, the customer writes to the chat, opens a dispute, or abandons their current cart.
Three critical moments
Post-purchase: "Where is my order?" blocked on login
Repurchasing: returning customer, forgotten password
Logged-in checkout: reset requested at the wrong time
Measurable impact
MojoAuth estimates that 78% of users forget their password at least once a month, and that a reset request during checkout pushes a large portion of customers to abandon (MojoAuth, friction reset 2026). Every login ticket not resolved on first contact costs 6 to 14 minutes of agent time.
Legacy vs new accounts in 2026
Shopify is deprecating legacy accounts (email + password) in favor of passwordless OTP. Support needs to be familiar with both systems as long as the migration is not complete (Shopify Dev, legacy 2026).
How does it differ from the guest (#293) and the bot account (#295)?
Three neighboring pieces of content, three levels of intervention.
Guest vs Account (#293)
Guest vs Account (#293): guest lookup, profile merger, post-purchase activation. #294 intervenes when the customer tries to log in and fails.
Checkout Bot (#292)
Checkout Bot (#292): intent chk_acct_login in-tunnel. #294: complete customer service resolution after failure, admin reset, OTP.
Account Bot (#295)
Account Bot (#295): order lookup and post-login preferences. #294 documents the agent process and LOGIN macros before automation.
Global Self-service
Self-service Guide: portal. #294 zooms in on auth and invisible history.
Promise #294
LOGIN taxonomy, diagnostic tree, reset/OTP macros, admin procedures, order history, KPI.
Which connection error taxonomy should be mapped?
Code each ticket for analytics, macros, and agent training.
Legacy password (`login_pwd_*`)
login_pwd_forgot: forgotten passwordlogin_pwd_invalid: “incorrect credentials”login_pwd_reset_fail: expired or invalid reset linklogin_pwd_complex: rules too strict, creation rejected
Passwordless OTP (`login_otp_*`)
login_otp_not_received: missing 6-digit codelogin_otp_expired: expired codelogin_otp_spam: email in spam/junklogin_shop_confusion: Shop Pay vs shop account
Email and profile (`login_email_*`)
login_email_typo: wrong email at checkoutlogin_email_change: login address changelogin_email_no_account: “no account found”login_email_duplicate: 2 profiles, partial history
History (`login_history_*`)
login_history_empty, login_history_partial, login_history_wrong_account. Tags: login_resolved, login_escalated.
Which diagnostic tree should be applied in 4 questions?
Before taking any admin action, the agent asks 4 questions to route the ticket in 60 seconds.
Question 1: legacy or new accounts?
Check Settings → Customer accounts. Legacy: password form. New: OTP code by email. Do not send a password reset if the shop is passwordless.
Question 2: does the profile exist?
Shopify admin → Customers → search email. Results: active profile, guest without activation, no profile (pure guest checkout), duplicate.
Question 3: order linked to which email?
Orders → filter email. The customer logs in with personal@ but ordered with work@: "empty" history even though the orders exist.
Question 4: urgency?
WISMO Day 0, return deadline, ongoing checkout cart: prioritize guest lookup or magic link over long reset. See guest lookup (#293).
Quick decision matrix
No profile + order found → guest lookup + account invitation. Profile + legacy + forgot pwd → LOGIN-RESET-01. Profile + OTP + missing code → LOGIN-OTP-01. Empty history + 2 emails → merge profiles section 6.
How do I handle a forgotten password on legacy accounts?
As long as legacy remains active, password reset remains a major ticket volume driver.
Process LOGIN-RESET-01
Confirm account email (not the chat email if different)
Guide to "Forgot Password" on /account/login
If failed: Shopify admin → Customer → Send account invite or reset password
Check spam + 5 min delay + domain whitelist
Post-reset: redirect to orders page, not homepage (Baymard: 34% bad redirection)
Macro LOGIN-RESET-01
"Hello {{first_name}}, click "Forgot password" here: {{login_url}}. Reset email within 5 min (check spam). Link valid for 24 hours. After logging in, your orders: {{account_orders_url}}. Need support? Reply with screenshot."
Recurrent login_pwd_invalid case
Often auto-capitalization, old password, or account never activated. Suggest account invite instead of a 3rd reset. Baymard: complex requirement policies yield up to 18% recurrent customer abandonment.
Forbidden
Communicating or modifying the password in plain text via chat. Never send temporary passwords via unencrypted email.
How to unlock OTP and Shop login on new accounts?
New Shopify accounts use a 6-digit code sent by email, without a password (Shopify).
Process LOGIN-OTP-01
Confirm exact email (common typos: gmail.com vs gmial.com)
Ask to wait 2 min + check spam/promotions folder
Suggest "Log in with Shop" if Shop Pay is active
Test another browser or device (cache, blocker)
If persistent: check admin profile, resend invitation, technical escalation if email domain is blocked
Macro LOGIN-OTP-01
"Enter {{email}} on {{login_url}}. 6-digit code within 2 min. Check spam and Promotions tab. On iPhone, the code can auto-fill. Alternative: "Continue with Shop" if you have Shop Pay."
login_shop_confusion
The customer is confusing the Shop account (payment) and the store's customer area. Macro: "Shop speeds up checkout. For your {{store_name}} orders: {{account_url}} with email {{order_email}}."
Migration legacy → new
Communicate in advance: "No more password, code by email at each login (365-day session)." No7 Software estimates up to 35% fewer login tickets post-passwordless-migration (No7 Software 2026).
What to do when the order history is empty or incomplete?
"My orders have disappeared" is often an email issue, not a loss of data.
Common causes login_history_*
Wrong login email: personal vs work, spouse vs buyer
Guest orders: not linked to the profile until activation
Duplicate profile: history split across 2 profiles
Account never activated: profile created, zero login
Marketplace / channel: Amazon order not synced to web account
Process LOGIN-HIST-01
Lookup orders by proposed email(s) + name
Identify "source of truth" email with the most orders
Merge profiles if duplicate (merge #293)
Send activation invite to the source email
Confirm history is visible post-login
Macro LOGIN-HIST-01
"Your orders are registered under {{order_email}}, not {{login_email}}. Log in with {{order_email}}: {{login_url}}. We will merge your profiles if needed. Recent order #{{order_number}} visible after login."
Redirect post-login
After reset or OTP, redirect to /account/orders or the current order, not the homepage. Reduces "I still don't see anything" tickets.
Which Shopify admin actions to unlock the login?
Level 2 support has admin levers without touching the code.
Actions per case
Send account invite: existing profile, never activated
Reset password: legacy only
Merge customers: duplicates, split history
Update e-mail: after L3 identity verification
Disable / enable account: fraud or activation error
Identity verification before action
L1: email + order number. L2: + postal code or amount. L3: + last 4 digits of the card for email change or merge. See levels #293 escalation section.
Merge limits
Active subscription, vaulted card, B2B: merge not possible. Document and escalate to ops.
OTP message customization
Online Store → Themes → Default content → Customer accounts: adapt the copy "Verify your email for the code" to the brand voice. Incognito testing is mandatory before high traffic.
Where should the bot and the human be placed on login tickets?
Login touches on identity: the bot helps, the human decides on sensitive cases.
Bot / L1 auto OK
Send LOGIN-RESET-01 or LOGIN-OTP-01, login link, spam advice, explain Shop vs shop account, guest lookup if no profile.
Immediate Human
Email change, profile merger, third-party account access, suspected fraud, VIP customer blocked at checkout, enterprise @ with anti-spam filter, GDPR deletion request.
Clean handoff
Forward: account type (legacy/OTP), tested emails, orders found in admin, macros already sent. See bot-to-human handoff and mobile-first (iOS OTP auto-fill).
Anti-pattern
Reset loop without checking if profile exists. Three consecutive resets = escalation + source email diagnostic.
Which KPIs should be measured for login tickets?
Measure the first contact resolution for login, not just the volume.
Monthly KPIs
Login ticket rate: login_* tickets / orders
FCR login: resolved without escalation / total login
Time-to-resolve: median < 8 min L1
OTP vs pwd split: volume by account type
History fix rate: login_history_* resolved by merge or correct email
Repeat login 7 d: same customer contacts again (process failure)
Monthly review
Top intents without macro → write LOGIN-*. If login_otp_not_received spikes: email deliverability audit (SPF, DKIM). Cross-reference with the weekly friction report.
How does Qstomy speed up the resolution of login errors?
Qstomy detects login intents, sends contextualized macros, and prepares handoff with Shopify lookup.
Capabilities
login_pwd_*, login_otp_*, login_history_* intents. Legacy vs OTP detection via shop config. Profile lookup + orders by email. Auto-filled LOGIN-RESET/OTP/HIST macros. login_resolved tag. Escalation with tested emails and admin orders.
DTC Case Study
DTC mode, migration to new accounts completed, 740 orders/month. Before: 48 login tickets/month, FCR 52%, 11 min median. Qstomy deployment + 5 LOGIN macros + section 4 diagnostic tree. After 8 weeks: tickets 48 → 31/month (−35%), FCR 78%, median 4 min, 7-day repeat login −41%, login CSAT +0.6 pt.
See Shopify, AI support, demo.
Which playbooks should be used to structure the connection customer service?
Playbook 1: login audit (2 h)
Export 60 days of "password", "login", "code", "missing orders" tickets. Classify in section 3 taxonomy. Note legacy vs OTP.
Playbook 2: LOGIN macros (3 h)
Draft LOGIN-RESET-01, LOGIN-OTP-01, LOGIN-HIST-01. Test 20 verbatims. Variables: login_url, order_email, account_orders_url.
Playbook 3: diagnostic tree (1 h)
Display section 4 in Notion helpdesk. Train L1 on 4 questions before admin action.
Playbook 4: user journey test (2 h)
Incognito: forgot password (legacy) or OTP (new). Verify post-login redirect to orders. Correct theme copy if there is confusion.
Playbook 5: OTP deliverability (1 d)
If login_otp_not_received > 15% volume: SPF/DKIM audit, test Gmail/Outlook/Orange. Whitelist Shopify notifications domain.
Useful links
This week: take the last 10 "password" or "code received" tickets. How many would have followed the 4-question tree without escalation? If fewer than 6, train L1 on LOGIN-OTP-01 or LOGIN-RESET-01 depending on your account type.

Enzo
June 30, 2026





