We know your business relies on the safety and accessibility of your Square account, and we take our role in helping protect your business information seriously.
Over the past few months we’ve rolled out a number of features to help enhance the security of your account. Here’s what we’ve changed to help make your Square account as secure as possible:
Retiring security questions
We’re all familiar with those somewhat personal, somewhat random questions that have been associated with account security across a variety of online services. These “security questions” were an optional feature we’ve had for years to help protect accounts from unauthorised access. Many websites for critical services — like banks, utilities, and marketplaces — still use security questions before resetting your password or to verify your identity when they think it may not be you.
However, as your personal information becomes more and more accessible via public records and social networks, the answers to these questions are more easily found online, essentially eliminating their effectiveness as a security feature. Additionally, many times the answers to these questions can be easily forgotten or responses may change over time (such as your favorite movie or your pet’s name), meaning that security questions have become a common source of seller confusion and frustration.
With all that in mind, we’ve decided to retire questions once and for all. We’re not the first to do away with security questions: Google dropped them in 2014. As we wind down security questions, we’re transitioning sellers to the more secure two-factor verification approach (read more below).
Two-factor verification is one of the best ways (PDF) to help ensure that only you can access your account. Two-factor verification uses both something you know (a password), and something you have (your device) to confirm it’s you before you can log in.
After enabling 2-Step Verification for your Square account, to sign in you first need to enter the password associated with your account. Once that has been accepted, you’re prompted to enter a one-time code via either SMS or Google Authenticator (Android, iOS) before finally logging in to the system. With this approach, even if your password is stolen, a malicious actor can’t access your account unless they also have access to your phone.
Verification for authorised representatives
We know that every now and then you or someone on your team may need to call in to Square Customer Success for help or questions about your account. Now, Square allows account owners to add and manage Authorised Representatives in the Account & Settings section of their Square Dashboard, and to designate these trusted individuals as people who are able to discuss account-specific information with our Customer Success team.
From a security standpoint, we’ve gone one step further and introduced a dynamic authentication feature before Customer Success can discuss account information with your Authorised Representative. Similar to the SMS-based 2-Step Verification flow, we require you to register the representative with their email and phone number, and when they call in to support, we send them a one-time verification code before they can proceed.
We’re always hard at work building additional security features for all our customers, so keep an eye out here for more updates and make sure to use security best practices to keep your account safe.