Square's Password Policy
Privacy and security are a priority at Square and your account security is our first priority. We want to help you stay safe so you can focus on what really matters – running your business, and helping it thrive.
That’s why we encourage setting a strong, secure password – one that only you know, that would be hard to guess, that keeps you and your business secure.
Password Best Practices
To take all the guesswork out of the process, we’ve outlined some best practices to consider when selecting a password.
Square Password Requirements
We require you to create a password which meets the following requirements:
In addition to the requirements above, if you haven’t used Square in a while, your password will expire, and we’ll require you to change your password the next time you login.
To learn how to reset your password without that email, check out our Reset Your Password article.
A data breach occurs when a bad actor gains access to a system and illegally obtains data from the system. Square has not had a data breach occur, but there have been several highly publicised data breaches from many companies in recent years, exposing data from millions of users.
The information exposed varies in each breach and can include highly sensitive information. Passwords are particularly susceptible to data breaches. It is high probability that once any data is obtained, it is shared publicly as well as sold to other fraudsters and bad actors. Once a password is exposed in this manner, it’s considered compromised.
Fraudsters can use lists of compromised email addresses and passwords to attempt brute force attacks across various providers, including Square. If a fraudster gains access to your account in this manner, we call it an Account Take-Over (ATO). We are constantly monitoring for ATO and we take immediate steps to protect you should we suspect this has occurred, but our goal is to prevent ATO from happening to you at all. The best defence is to ensure that your password is secure.
To protect you, Square partners with a third party service provider which provides a database of all of the email addresses compromised in public data breaches. Using their database, we can identify which accounts may be using a compromised password. For your protection, Square will not allow you to set your password to one which was compromised publicly and we may require you to reset your password if it is identified as compromised.