Square takes your security seriously.
Two-step verification is an extra, free layer of security to help prevent account breaches that can lead to misdirected seller payouts and other financial losses.
FOR YOUR SECURITY
100%
prevention from automated bot attacks with two-step verification.
96%
effectiveness against bulk phishing attacks with two-step verification.
An account takeover (ATO) happens when your login credentials are compromised by an unauthorized party to commit fraud. If our system detects unusual activity, we suspend all transfers to your bank account until we can make sure everything is normal.
This usually takes one business day to complete, so it’s essential we protect you from fraud altogether. A study by Security.org shows the average successful ATO incurs losses of around $12,000.
Prevention is the best defence.
“The more layers of security you have to protect your financial information the better.”
Ryan, R&R Coffee Café
Set up 
two-step verification.
- Enrol in two-step verification on your next login.
- Enter the verification code from your mobile phone.
- Securely use your account. You can choose to remember your device for 90 days.
Set up two-step verification.
FAQs
You can set up multiple cell phone numbers as eligible two-step verification methods. While we recommend setting up a free individual account for each employee rather than sharing account email addresses and passwords, we recognize that’s not always practical.
Add additional phone numbers to your existing account:
Update two-step verification phone numbersSet up additional employee accounts and enable two-step verification (recommended method):
Get started with Square Team ManagementCreating individual employee accounts for each member of your staff is recommended. You can then enable Business two-step verification for those employees.
Get started with Square Team Management
Enable Business two-step verificationFrom a security perspective, an email address as a verification method is not recommended. Across the industry, there are many instances where users will use the same password for their email account as their other online accounts. And when a bad actor has access to one password, it unlocks both the service itself and the email inbox where the verification code is sent.
Soon, you’ll be able to receive two-step verification codes via a voice call.
We recommend using a third-party Authenticator app: Google Authenticator, Microsoft Authenticator or Authy as an alternative or a secondary backup method for sellers.
We are exploring stronger authentication methods such as Yubico keys and on-device prompts, but for now we recommend using a third-party Authenticator app: Google Authenticator, Microsoft Authenticator or Authy.
Choose a unique password for your Square account and confirm the email address and phone number associated with your Square account are up to date. We’ll notify you if we detect new or unusual activity. Be watchful of suspicious emails that look like they came from Square – they could be phishing scams.
What is an account takeover?
Choosing a Square Account password
Protect yourself from scams and fraud