What Is Two-Factor Authentication? And How Does It Help Secure Your Business?

Online security breaches are common but you can minimize your risk and protect your business with two-factor authentication. Here’s what you need to know.

Unfortunately, online security breaches are not uncommon these days. That’s why it’s never been more important to ensure all your accounts are as protected as possible.

Strong passwords are important here. (If you have something obvious like “password 1234,” it’s time to change it.) But it’s also a smart idea to enable two-factor authentication on your accounts, which adds a layer of security on top of your password to help prevent unwanted activity.

What is two-factor authentication?

Two-factor authentication (also known as 2FA or multi-factor authentication) requires you to confirm ownership of two separate variables — your password and something else (usually a unique code) — to complete sensitive actions on your account.

Typically you receive a one-time code via email or text message (SMS) as an added verification step. You may have used an authenticator app (like Google Authenticator) that generates 2FA codes on your mobile phone.

Because the codes are different for every single request, two-factor authentication makes it a lot more difficult to hack your accounts (as it’s likely only you have access to your email or mobile device).

At Square, two-factor authentication is required for your most sensitive account changes. For example, when you link a new bank account or reset your password, you are first prompted to log in with your username and password and then required to verify your identity with one-time code sent to your email or with a code from an authenticator app to complete the action.

How do you enable two-factor authentication?

You can opt to enable two-factor authentication in the settings or security sections of most online services (like Gmail, Apple, and Amazon). In addition to the two pieces of information needed to make sensitive changes to your account, Square POS system also allows you to enroll in 2-Step Verification.

With this feature enabled, each time you log in to your Square Dashboard you’re prompted to enter your credentials (username and password) as well as a unique verification code sent via SMS.

How to set up 2-Step Verification for your Square account:

  1. Sign in to your Square Dashboard and go to Account & Settings.
  2. In Personal Information, click the Activate 2-Step Verification button.
  3. Choose whether or not you want to require employees to use 2-Step Verification, and click Next Step.
  4. Choose your 2-Step Verification method: SMS or Authentication App
    SMS: Add your primary mobile phone number and select Next Step. We’ll send you a verification code via text. Enter the code in the prompted field. Click Verify to complete.
    App: Scan the barcode with your authentication app, and click Next Step. Enter the verification code from your app in the prompted field. Click Verify to complete.

If you don’t want to enter a verification code every time you access your Dashboard, check Remember this device for 30 days in the Enter Verification Code prompt the next time you sign in.

How do you enable two-factor authentication?

You can opt to enable two-factor authentication in the settings or security sections of most online services (like Gmail, Apple, and Amazon). In addition to the two pieces of information needed to make sensitive changes to your account, the Square’s POS system also allows you to enroll in 2-Step Verification.

With this feature enabled, each time you log in to your Square Dashboard you’re prompted to enter your credentials (username and password) as well as a unique verification code sent via SMS.

See how to accept omnichannel payments

Accept every payment quickly, easily, and securely.

Two-factor authentication can come in many forms. Once you log in with your password, you may be prompted to verify your identity in these ways:

  • Biometric authentication such as Touch ID or Face ID
  • Authenticator apps
  • Email authentication
  • A physical security key
  • A generated authentication code
  • An authentication code you’ve programmed previously, such as a pin code for a bank account

What is the difference between two-factor authentication and multi-factor authentication?

Both two-factor authentication and multi-factor authentication add a secondary layer of security to your accounts. Two-factor, as described above, includes two layers: a password and a second step of verification in order to login. An account with multi-factor authentication would require two or more steps of identification in order to log into an account. For example, you might use a password to log in, receive a one-time code, and also use a fingerprint. Two-factor authentication is a form of multi-factor authentication but the distinction lies in the latter allowing for additional layers of security beyond the two points of identification.

Multi-factor authentication methods can be categorized as:

  • Knowledge factors: Pieces of information you might already know, such as a username and password combination, answers to a security question, PINs, or the CVV on a credit card.
  • Possession factors: Physical objects you would own, such as a USB token, mobile phone, wireless tags, card readers, or a physical key.
  • Inherence factors: These are things you would have and are unique to you. Biometric authenticators like fingerprint readers or voice recognition would be considered an inherence factor authentication method.

How to set up 2-Step Verification for your Square account:

  1. Sign in to your Square Dashboard and go to Account & Settings.
  2. In Personal Information, click the Activate 2-Step Verification button.
  3. Choose whether or not you want to require employees to use 2-Step Verification, and click Next Step.
  4. Choose your 2-Step Verification method: SMS or Authentication App
  5. SMS: Add your primary mobile phone number and select Next. We’ll send you a verification code via text. Enter the code in the prompted field. Click Verify to complete.
  6. App: Download your authentication app (such as Google Authenticator, Microsoft Authenticator, or Authy), scan the barcode into it, and click Next Step. Enter the verification code generated from your app in the prompted field. Click Verify to complete.
  7. If you don’t want to enter a verification code every time you access your Dashboard, check Remember this device for 30 days in the Enter Verification Code prompt the next time you sign in.

If you required 2-Step Verification for team members, they will receive an email with instructions on how to complete setup. If they do not turn on 2-Step Verification after reading the email, they will be required to the next time they log in to their Square account. If you don’t want to enable 2-Step Verification for your whole team you can still follow the steps above and turn the feature on for employees on an individual basis.

Learn more about how Square protects your business with Square Secure.