Most large organizations have an IT team to implement best practices and policies. Many small businesses do not, and they probably do not know which best practices or policies to follow. Hackers are extremely clever. As a small business owner, you really should understand what MFA is. MFA stands for Multi-factor Authentication. This means that you need two forms of evidence to prove who you are online. Generally, this means you need a password (something you know) and something else (something you have, like your phone).
When MFA is turned on, you will be required to enter your password. After entering your password, you will need to enter a special code that you receive in an SMS (text) message or from an Authenticator App to finish logging in. It is slightly annoying since it adds an additional step when logging in. But it secures your “Owner” account in Square.
Why turn on 2-Step Verification
A hacker or employee can sometimes easily get your account info (i.e., username and password), probably because your password is something simple like the name of your favorite coffee. This person logs into your Owner account and changes your email and password. This person then changes your bank account info. This has to be verified, but it can take only a few minutes or several days. Once the bank account is verified, the person proceeds to do a transfer immediately to the new bank account. Within a few minutes you could potentially lose a large sum of revenue for your small business.
Is this scenario possible? Yes. Have I heard of it happening? No. Does Square have ways to prevent this? They have email alerts, but you need to have them turned on. Plus, you need to check your emails regularly.
If the person times this to happen when you are on vacation or traveling, you probably won’t get these alerts in a timely fashion.
This is not related to Square but shows how clever hackers are getting. My one friend lost a very large amount of money. He set up direct deposit for payment from his client. The next day a hacker called his client and changed the bank account for the direct deposit. The client changed it EVEN though there were red alerts stating the new bank account was fraudulent. Also, who sets up a direct deposit and calls back the next day stating they changed banks and need to change the direct deposit? Very unlikely scenario. The client failed in many ways. Hackers are working every angle to steal your money, so it is up to you to protect yourself.
SMS vs Authentication App
With Square, you will have two options when turning on 2-Step Verification: SMS or Authentication App.
DO NOT USE SMS. Unfortunately, SMS (text messaging) can easily be hacked, especially if a person is targeting you. Text messages are easier to use, but an Authenticator App is more secure, and it is highly recommended that you use one.
Here is a link about hacking SMS:
How to turn on 2-Step Verification
Log into your Square account. Then hover over your business name in the top right of your Square Dashboard. Next, tap “Account Settings”.
In account settings, you will see a section that looks like this:
Before starting, make sure you already have an Authenticator App on your phone. Microsoft and Google have an Authenticator App in the App Store and Play Store. To install the app, open “App Store” or “Play Store” on your phone and search for Authenticator. It is really up to your preference which one you want to use. I like Microsoft Authenticator. Here are links just in case you need them:
- https://apps.apple.com/us/app/microsoft-authenticator/id983156458
- https://apps.apple.com/us/app/google-authenticator/id388497605
- https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US
- https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_US&gl=US
Now, tap “Enable 2-Step Verification” and follow the instructions provided by Square. It is a pretty simple process if you are used to it. But just in case you are not, I’ll walk you through it here. First you will pick your verification method. I am selecting “Authenticator App”. On your iPhone or Android phone, open your Authenticator App. In Microsoft Authenticator, tap the “+” sign in the top right corner. Then tap “Other”. Position the camera over the “QR” Code in step 2 below. Once you do this, it will automatically add the 2-Step Authentication. Then you will have a “Square” authenticator added. This will show you a code that constantly changes. You will need to type that code into the next step. After doing that, click “Verify”. You now have 2-Step Verification set up.
Next time you log in
Next time you log into Square, you will have to enter your verification code again from your “Authenticator” App. Make sure you remember where that app is on your phone. First you will have to log in as normal.
After you click “Sign In”, you will have to type in the code from your Authenticator app. Make sure you use the code associated with Square and the account you are logging into.
Conclusion
Using 2-Step Verification will help protect you from possible hackers or employees breaking into your owner account. Now that you know how to do this with Square, try seeing if your bank will also allow you to set up 2-Step Verification with them. If so, it would be a good idea to do that on your bank accounts too. Just in case…