
Square's Password Policy

Privacy and security are a priority at Square and your account security is our first priority. We want to help you stay safe so you can focus on what really matters – running your business, and helping it thrive.

That’s why we encourage setting a strong, secure password – one that only you know, that would be hard to guess, that keeps you and your business secure.

Password Best Practices

To take all the guesswork out of the process, we’ve outlined some best practices to consider when selecting a password.

  • Make your password memorable and specific: Choose something only you know, that you’ll be sure to remember.

  • Select a password that’s unusual: Choose a word or phrase that’s uncommon, or would be hard to guess – for example, if you love dogs, a password like ‘CorgiesAreSOCute!’ is stronger than ‘puppies’.

  • Use a combination of characters: The strongest passwords have a combination of upper- and lower-case letters, numbers and even non-alphanumeric characters, like exclamation points or question marks.

  • Use different passwords for each of your accounts: Don’t use the same password for more than one account – that way, if an account does get hacked, the hacker won’t have access to every account you own.

Square Password Requirements

We require you to create a password which meets the following requirements:

  • Is at least 8 characters long.

  • Does not use a common word, phrase or string. (For example, don’t use “Password” as your password!)

  • Is not one of your last 3 passwords, or a password you have used in the last 30 days with Square.

  • Has not been compromised through a data breach of a third party. (See Password Safety below for more information.)

In addition to the requirements above, if you haven’t used Square in a while, your password will expire, and we’ll require you to change your password the next time you log in.

To learn how to reset your password without that email, check out our Password article.

Password Safety

A data breach occurs when a bad actor gains access to a system and illegally obtains data from the system. Square has not had a data breach occur, but there have been several highly publicised data breaches from many companies in recent years, exposing data from millions of users.

The information exposed varies in each breach and can include highly sensitive information. Passwords are particularly susceptible to data breaches. It is highly probable that once any data is obtained, it is shared publicly as well as sold to other fraudsters and bad actors. Once a password is exposed in this manner, it’s considered compromised.

Fraudsters can use lists of compromised email addresses and passwords to attempt brute force attacks across various providers, including Square. If a fraudster gains access to your account in this manner, we call it an Account Take-Over (ATO). We are constantly monitoring for ATO and we take immediate steps to protect you should we suspect this has occurred, but our goal is to prevent ATO from happening to you at all. The best defence is to ensure that your password is secure.

To protect you, Square partners with a third-party service provider that provides a database of all of the email addresses compromised in public data breaches. Using their database, we can identify which accounts may be using a compromised password. For your protection, Square will not allow you to set your password to one which was compromised publicly and we may require you to reset your password if it is identified as compromised.
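The four requirements listed under Square Password Requirements, including the compromised-password check described above, can be expressed as a single acceptance check. This is an added example, not Square's code: the common-word list, the local breach set (standing in for the third-party database), the history record layout and all function names are assumptions. The constructed breach set includes the sample password from this page to show that a well-composed password is still rejected once it has been exposed.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

# Constructed sample data (assumptions for this example, not Square's lists).
COMMON = {"password", "qwerty", "letmein", "12345678"}
# Local stand-in for a breach corpus, stored as SHA-256 digests of exposed passwords.
BREACHED = {hashlib.sha256(p).hexdigest()
            for p in (b"CorgiesAreSOCute!", b"sunshine2019")}

def _kdf(password: str, salt: bytes) -> bytes:
    # Slow salted hash so stored history is never a list of plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_record(password: str, last_used: datetime):
    """History entry: (salt, derived key, time the password was last in use)."""
    salt = os.urandom(16)
    return (salt, _kdf(password, salt), last_used)

def reused(password: str, history, now: datetime) -> bool:
    """history is newest first; rule: last 3 passwords OR used in the last 30 days."""
    for i, (salt, digest, last_used) in enumerate(history):
        in_scope = i < 3 or now - last_used <= timedelta(days=30)
        if in_scope and hmac.compare_digest(_kdf(password, salt), digest):
            return True
    return False

def check_password(password: str, history, now: datetime) -> list:
    """Return the violated requirements; an empty list means acceptable."""
    problems = []
    if len(password) < 8:
        problems.append("too_short")
    if password.casefold() in COMMON:  # exact match only; a simplification
        problems.append("common")
    if reused(password, history, now):
        problems.append("reused")
    if hashlib.sha256(password.encode()).hexdigest() in BREACHED:
        problems.append("breached")
    return problems

if __name__ == "__main__":
    now = datetime(2024, 1, 31, tzinfo=timezone.utc)
    for candidate in ("puppies", "Password", "CorgiesAreSOCute!"):
        print(candidate, check_password(candidate, [], now))
```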
