We know your business relies on the safety and accessibility of your Square account, and we take our role in protecting your business information seriously.
Over the past few months we’ve rolled out a number of features to enhance the security of your account. Here’s what we’ve changed to help make your Square accounts as secure as possible:
Retiring security questions
We’re all familiar with those somewhat personal (sometimes random) questions associated with account security online. These ‘security questions’ were an optional feature Square used to help protect accounts from unauthorised access. Many websites for integral services — like banks, utilities and marketplaces — still use security questions before resetting your password or when verifying your identity if there’s a chance it may not be you.
However, as your personal information becomes more and more accessible via public records and social networks, the answers to these questions can be more easily found online. Naturally, this eliminates their effectiveness as a security feature. The fact that the answers to these questions also lose their relevance over time — or are simply forgotten — means that security questions have become a common source of confusion and frustration.
With all that in mind, we decided to retire security questions once and for all. We’re not the first to do away with them, as Google dropped them in 2014. In their wake, we’re transitioning all our sellers to the heightened security of two-factor verification.
Two-factor verification is one of the best ways to ensure that nobody but you can access your account. It uses something you know (a password) and something you have (your device) to confirm your identity at the point of login.
How to use two-factor verification
To sign in after enabling 2-factor verification for your Square account, you first need to enter the password associated with your account. Once that has been accepted, you’ll be prompted to enter a unique, one-time code via SMS or Google Authenticator (Android or iOS) before finally logging in to the system. With this approach, even if your password is stolen, the perpetrator can’t access your account unless they also have access to your phone.
Verification for authorised representatives
Every now and then, you or someone on your team may need to call Square Customer Services with questions about your account. Square now allows account owners to add and manage Authorised Representatives in the Account & Settings section of their Square Dashboard. You may also assign these trusted individuals with the permissions to discuss account-specific information with our Customer Services team.
The security of your business is our business, and we’ve gone one step further to introduce a dynamic authentication feature before Customer Services can discuss account information with your Authorised Representative. Similar to the SMS-based 2-factor verification flow, we require you to register the representative with their email and phone number. When they call in to support, we’ll send them a one-time verification code before they can proceed.
We never stop building additional security features for all our customers, so keep an eye out here for more updates — and make sure to use internet security best practices to keep your account safe.