Table of contents
Unfortunately, online security breaches are not uncommon these days. From phishing emails to opportunistic digital fraud, cyber-attacks are a growing threat for businesses. That’s why it’s never been more important to ensure all your accounts are as protected as possible.
Strong passwords are important here. (If you have something obvious like “password 1234,” it’s time to change it.) It’s also a smart idea to enable two-factor authentication on your accounts, which adds a layer of security on top of your password to help prevent unwanted activity.
Enabling two-factor authentication for your business could make the difference when it comes to protecting company information over email, financial records, or other sensitive information that could affect your business negatively if it fell into the wrong hands.
What is two-factor authentication?
Two-factor authentication (also known as 2FA) requires you to confirm ownership of two
separate variables — your password and something else (usually a unique code) — to complete sensitive actions on your account. This is the second layer of security and does not replace passwords.
Typically you receive a one-time code via email or text message (SMS) as an added verification step. You may have used an authenticator app (like Google Authenticator) that generates 2FA codes on your mobile phone. Because the codes are different for every single request, two-factor authentication makes it a lot more difficult to hack your accounts (as it’s likely only you have access to your email or mobile device).
At Square, two-factor authentication is required for your most sensitive account changes. For example, when you link a new bank account or reset your password, you are first prompted to log in with your username and password and then required to verify your identity with a one-time code sent to your email or with a code from an authenticator app to complete the action.
So how could this extra layer of security protect your business in real life? Let’s say an unauthorised person has access to your Square login and logs onto your account. They could make changes on your behalf as though they were you, making those changes harder for you to catch. The account would not discern between yourself or this unauthorised person. If your two-factor authentication is enabled, a code would be sent to you to verify this unexpected login, letting you know that someone other than you is attempting to access your account.
Why should you enable two-factor authentication?
Enabling two-factor authentication can reduce the likelihood of account takeovers. What this means for your business is that you can mitigate the burden hacks and security issues put on your team from fighting chargebacks to losing reputation and brand trust. If a bad actor gains access to your Square account, they could change where your funds are deposited and make point-of-sale transactions as though they were the business owner. Fraudsters may be interested in targeting business accounts for many reasons, including acquiring more data, committing financial fraud, and initiating spam, ransom, or phishing attacks.
How do you enable two-factor authentication?
You can opt to enable two-factor authentication in the settings or security sections of most online services (like Gmail, Apple, and Amazon). In addition to the two pieces of information needed to make sensitive changes to your account, the Square POS system also allows you to enroll in 2-Step Verification.
With this feature enabled, each time you log in to your Square Dashboard you’re prompted to enter your credentials (username and password) as well as a unique verification code sent via SMS.
Two-factor authentication can come in many forms. Once you log in with your password, you may be prompted to verify your identity in these ways:
- Biometric authentication such as Touch ID or Face ID
- Authenticator apps
- Email authentication
- A physical security key
- A generated authentication code
- An authentication code you’ve programmed previously, such as a pin code for a bank account
What is the difference between two-factor authentication and multi-factor authentication?
Both two-factor authentication and multi-factor authentication add a secondary layer of security to your accounts. Two-factor, as described above, includes two layers: a password and a second step of verification in order to log in. An account with multi-factor authentication would require two or more steps of identification in order to log into an account. For example, you might use a password to log in, receive a one-time code, and also use a fingerprint. Two-factor authentication is a form of multi-factor authentication but the distinction lies in the latter allowing for additional layers of security beyond the two points of identification.
Multi-factor authentication methods can be categorised as:
- Knowledge factors: Pieces of information you might already know, such as a username and password combination, answers to a security question, PINs, or the CVV on a credit card.
- Possession factors: Physical objects you would own, such as a USB token, mobile phone, wireless tags, card readers, or a physical key.
- Inherence factors: These are things you would have and are unique to you. Biometric authenticators like fingerprint readers or voice recognition would be considered an inherence factor authentication method.
How to set up 2-Step Verification for your Square account
- Sign in to your Square Dashboard and go to Account & Settings.
- In Personal Information, click the Activate 2-Step Verification button.
- Choose whether or not you want to require employees to use 2-Step Verification, and click Next Step.
- Choose your 2-Step Verification method: SMS or Authentication App
- SMS: Add your primary mobile phone number and select Next. We’ll send you a verification code via text. Enter the code in the prompted field. Click Verify to complete.
- App: Download your authentication app (such as Google Authenticator, Microsoft Authenticator, or Authy), scan the barcode into it, and click Next Step. Enter the verification code generated from your app in the prompted field. Click Verify to complete.
- SMS: Add your primary mobile phone number and select Next. We’ll send you a verification code via text. Enter the code in the prompted field. Click Verify to complete.
If you don’t want to enter a verification code every time you access your Dashboard, check Remember this device for 30 days in the Enter Verification Code prompt the next time you sign in.
If you require 2-Step Verification for team members, they will receive an email with instructions on how to complete setup. If they do not turn on 2-Step Verification after reading the email, they will be required to the next time they log in to their Square account. If you don’t want to enable 2-Step Verification for your whole team you can still follow the steps above and turn the feature on for employees on an individual basis.
Learn more about how Square protects your business with Square Secure.