Solved: How to get Square to STOP asking if I want two fac...

RoasterChica · ‎08-04-2022

It's beyond annoying that Square continues to ask me if I want to enable two -factor authentication to protect my account when I've already told it NO so many times. This feature does NOT work when the owner is offsite and the code is sent to the shop phone instead of my phone. How can I disable this??

Also, as general feedback, the captcha I keep getting when trying to log in on my iphone is also extremely annoying. You can barely make out some of the photos and it wastes valuable time.

ryanwanner · ‎08-07-2022

@RoasterChicaYou can update your TFA call list on the dashboard: Account & Settings -> Account -> Personal Information. The 2-step verification section is in the middle of the page. Use the "Add SMS number" link to add numbers.

I do agree that the TFA nag is quite annoying, but I do believe it's for the right reasons: with all the financial information at our fingertips as merchants, we're an easy target for hackers. If they were to get in deep to the Square system through one of us not paying attention to security, can you imagine the damage they could do to every merchant on this network? *shudder*

Once your systems are configured correctly though (definitely check the updates!), the only time TFA comes into play is if one of your devices gets logged out after a 30 day window. If your devices stay logged in, you will have to play with the TFAs once in a blue moon.

Ryan Wanner
Golden Pine Coffee Roasters
Colorado Springs, CO, USA

Super Seller: I know stuff.
Beta Tester: I break stuff.
he/him/hey you/coffee guy/whatever.

Happy Selling!

View Best Answer >

MimiW · ‎05-01-2023

Hi @scottiespizza,

Thanks for your feedback. I recommend a couple possible options for you:

You can create a new Team Member account for your employees to use. As long as this account is not granted Full Access privileges, it will not see the 2-step verification prompt. They should be able to adjust fulfillment settings with this limited access team member account. (Recommended)
If there are only a few employees that you trust with your owner account, you can have them add their phone numbers as valid 2-step verification numbers. So when they login, they can select their own number from a drop-down list, send the SMS code there and won't have to bother you.

Feel free to send me a private message if you have more specific questions on setting this up, I'm happy to help.

Thanks,

Mimi

Mimi W.
Product Manager, Square
Get help in our Support Center

View Best Answer >

ryanwanner · ‎08-04-2022

Hey @RoasterChica !

You can disable TFA from your dashboard -> Account & Settings -> Account -> Personal Information

But I highly recommend against it. The more layers of security you have to protect your financial information the better.

The only reason TFA would be needed in your store(s) would be if your register gets signed out of your account. There really is no reason for that to happen regularly: I keep my tablets on and signed in 24/7. If for some reason the tablet gets signed out and it's been over 30 days since my last sign in, yeah, I expect a TFA check. If it's under 30 days there shouldn't be any checks at all.

I agree that the Captcha is a genuine pain in the bum, but I haven't had to solve a captcha in about a week now. Check to make sure you are running the latest version of both your app and your operating system. Square has been doing a lot of security updates around logins recently, and if your app isn't updated it may be confusing itself. This could be the cause of the repeated signing off, TFA, and Captcha screens.

And for TFAs for your store, you can also add a trusted manager's phone number to the TFA list. That way they can choose their number if they need to sign back in and not bother you and/or tie up the shop phone.

Hope this helps!

Ryan Wanner
Golden Pine Coffee Roasters
Colorado Springs, CO, USA

Super Seller: I know stuff.
Beta Tester: I break stuff.
he/him/hey you/coffee guy/whatever.

Happy Selling!

RoasterChica · ‎08-07-2022

Hi @ryanwanner I genuinely appreciate your reply as nobody from Square cared to respond.

I already HAVE disabled the TFA though, but most times I go to sign on (usually with my iphone) and it continues to ask me if I want to enable it. This is akin to harassment if anyone from Square is listening. When a person says "no" once, why do they continue to browbeat a customer into accepting an unwanted feature??

I may consider it if I could have multiple phone number contacts in there for the "TFA list" but I cannot find where you would put in that information. Could you kindly point me in the right direction so I could check it out?

I will also verify that all systems are updated; very good suggestion there.

ryanwanner · ‎08-07-2022

@RoasterChicaYou can update your TFA call list on the dashboard: Account & Settings -> Account -> Personal Information. The 2-step verification section is in the middle of the page. Use the "Add SMS number" link to add numbers.

I do agree that the TFA nag is quite annoying, but I do believe it's for the right reasons: with all the financial information at our fingertips as merchants, we're an easy target for hackers. If they were to get in deep to the Square system through one of us not paying attention to security, can you imagine the damage they could do to every merchant on this network? *shudder*

Once your systems are configured correctly though (definitely check the updates!), the only time TFA comes into play is if one of your devices gets logged out after a 30 day window. If your devices stay logged in, you will have to play with the TFAs once in a blue moon.

Ryan Wanner
Golden Pine Coffee Roasters
Colorado Springs, CO, USA

Super Seller: I know stuff.
Beta Tester: I break stuff.
he/him/hey you/coffee guy/whatever.

Happy Selling!

RoasterChica · ‎08-07-2022

Sincerest thanks for your help. I was able to put in the shop number as a backup and we tested it after close today. I wouldn't have known this was possible without you! I agree that added security is needed these days, but it shouldn't add layers of hassle for the user. Thanks for helping me navigate this successfully!

ryanwanner · ‎08-07-2022

Happy to help!

Ryan Wanner
Golden Pine Coffee Roasters
Colorado Springs, CO, USA

Super Seller: I know stuff.
Beta Tester: I break stuff.
he/him/hey you/coffee guy/whatever.

Happy Selling!

HellfireFarm · ‎08-19-2022

Interesting, I posted almost exactly the same thing a week or so ago but I can't find my post...

Is this 2FA ONLY for the mobile apps? I got the impression it's also for the website logins. And I also got the impression that it used SMS, which won't work for me at home. Am I totally not understanding how it works then?

RoasterChica · ‎08-09-2022

It's really unfortunate that Square was apparently threatened when another user posted an alternate viewpoint that was critical of using SMS for TFA. I received an email notification with the user's comment, which compelled me to do a little research on the topic. When I went to reply to the comment, however, it was gone -- and the user says they did not remove it.

Did Square delete it because it went against some obscure community guidelines or narrative?

Can we no longer question or post critical comments on features that Square seems to want to push on everyone?

Does anyone from the Square team care to comment on or investigate why this happened?

JJ_ · ‎08-11-2022

Hey there @RoasterChica looking into this it seems that the post included a video in which the publisher wasn't the author and this goes against Community Guidelines. I apologize for this inconvenience.

JJ
Community Moderator, Square
Sign in and click Mark as Best Answer if my reply answers your question.

RoasterChica · ‎08-11-2022

That’s what I figured. Thanks for providing the reason; i do appreciate the reply.

HellfireFarm · ‎09-11-2022

Can you or anyone else tell me if the 2FA applies to the WEBSITE login or is it only for the apps?

If it's for the website, then it is a significant problem for me, as SMS is very unreliable at my home (more like reliably doesn't work) - I live in a very rural area. I CAN'T limit my login by requiring SMS - the only way I could do that would be to log in, drive to the highway to get the number, and rush back before it all times out. Not practical.

If it's ONLY the apps, then I can use it as I only use those in areas with service.

Maybe suggest to your developers to consider alternates to SMS?

JJ_ · ‎09-13-2022

Hello @HellfireFarm

Our two-step verification tool does offer the option to use an Authentication App as an alternative to SMS.

To get started:

Go to Account & Settings > Account > Personal Information from your online Square Dashboard.

Under "2-step verification," click Enable 2-step verification.

Select the authentication app option, then click Next Step.

How to enable Authentication App

Download an authentication app like Google Authenticator, Microsoft Authenticator, or Authy.
Open the authentication app, then scan the QR code. Click Next Step.
Enter the verification code generated in your authentication app.
Click Verify.

Note: If the QR code is not scanning from your Authenticator App, click Can't scan the QR code? to manually enter a key code.

JJ
Community Moderator, Square
Sign in and click Mark as Best Answer if my reply answers your question.

CDH · ‎10-28-2022

So this is an older thread, but I am having an issue with this on my desktop. I am so sick of seeing it ask me if I want to use this and I DO NOT. Is it going to continue to ask me? I sign into my account almost every day, sometimes more than once a day and it asks me this every single time. I DO NOT WANT THIS FEATURE AND I DO NOT WANT TO BE ASKED EVERY SINGLE STINKING TIME. How do I get this to go away without enabling it and being strong armed into it??

ryanwanner · ‎10-28-2022

@CDH If you have your desktop browser set to clear cache and cookies upon exit (which is how I have mine setup) OR are using private browsing (where nothing is stored on your computer) then yes, every time you reopen your browser window you'll need to put your TFA information in. Without storing cookies, there is no way for Square to know it's continually you logging in. If you keep your browser window open (and just let the website time out), you shouldn't have to reenter the TFA info.

You can remove TFA from your account. Account & Settings -> Account -> Personal Information. The 2-step verification section is in the middle of the page. Unless you're completely and utterly sure your desktop comp is completely clean from viruses and trojans, I highly encourage you to keep using the TFA.

If your browser isn't set to clear cookies, you should not have to use the TFA on each login. Once you enter the TFA info once, you should be good to go for 30 days.

Ryan Wanner
Golden Pine Coffee Roasters
Colorado Springs, CO, USA

Super Seller: I know stuff.
Beta Tester: I break stuff.
he/him/hey you/coffee guy/whatever.

Happy Selling!

Purple_HS · ‎10-28-2022

Just here to commiserate. We have found it quite annoying, but have gotten over trying to disable it (that doesn't work for long!). We've just had to relent and add enough numbers so we always have one accessible to enter the code. UGH.

chrismjohnson · ‎04-29-2023

Square is missing the point COMPLETELY on this issue.

Yes we want our financial information to be protected, obviously. We also want to be able to take payments. In the summer, I have over 50 employees. When they can't log into a terminal, they can't take payments. It has proven impossible to get employees to not opt in to 2FA on the mobile devices. With 50 people, someone is going ot make a mistake and then other people can't log in.

Square is in the classic position of trying to solve two requirements with one feature, and it isn't working. They need to split it up.

How do we ensure our financial information is protected? Have a terminal-only account that I can give to many people. That account would have very few privileges -- can only take payments (and maybe refunds and so on -- choice for me to make). That account doesn't need 2FA because it can't do very much. If someone gets the password, all they can do is send me money 🙂

How do we ensure people can always log in? By not requiring 2FA (not even offering that option) for the terminal-only account. When I log in as an admin / privileged user, I want to use 2FA. Remind me if I'm not using it. But those are more powerful accounts.

Giving a part-time teenage worker the opportunity to turn on 2FA for everyone in the Square account is a bad idea.

I'm seriously considering switching to GoDaddy because Square has been so stubborn on this issue.

Why is this hard to understand? If I give a user little permissions, that account doesn't need extra protection, and an employee with that level of access shouldn't be able to change a setting for the WHOLE COMPANY that prevents us from getting paid.

MimiW · ‎05-01-2023

Hi @chrismjohnson,

Thanks for your feedback. You have a few options for your problem:

You can create a terminal-only Team Member account for your seasonal employees to use. As long as this account is not granted Full Access privileges, it will not see the 2-step verification prompt, or
You can set up device codes and have your employees log in to each device with a unique device code. Some sellers print these codes out and stick them on the hardware for convenience.

Feel free to send me a private message if you have more specific questions on setting this up, I'm happy to help.

Thanks,

Mimi

Mimi W.
Product Manager, Square
Get help in our Support Center

scottiespizza · ‎04-29-2023

The first time I saw the 2FA thing pop up at login, I didn't hesitate to enter my phone number and confirm the added security feature.

However, as soon as one of my employees needed to access our online dashboard (they do this daily to adjust our fulfillment settings), they were unable to get in without the code that was texted to me. Of course in that instance I was off-site and unavailable, and so this showed me that wow, it would be really annoying and not feasible to use two-factor authentication. So I turned it off.

Now, every single time anyone logs in, we have to click "remind me later" and then when the "are you sure?" message comes up we have to click "continue to square". It has added two additional steps to every login on a site that already runs kind of slow, and it is a huge nuisance.

I've checked my settings and I don't see any option to "Don't remind me again". Unless I'm mistaken? Anyone else having this problem?

MimiW · ‎05-01-2023

Hi @scottiespizza,

Thanks for your feedback. I recommend a couple possible options for you:

You can create a new Team Member account for your employees to use. As long as this account is not granted Full Access privileges, it will not see the 2-step verification prompt. They should be able to adjust fulfillment settings with this limited access team member account. (Recommended)
If there are only a few employees that you trust with your owner account, you can have them add their phone numbers as valid 2-step verification numbers. So when they login, they can select their own number from a drop-down list, send the SMS code there and won't have to bother you.

Feel free to send me a private message if you have more specific questions on setting this up, I'm happy to help.

Thanks,

Mimi

Mimi W.
Product Manager, Square
Get help in our Support Center

Palmaceia · ‎09-13-2023

I would also like for the two factor authentication to go away.

Is this possible?

_Violet · ‎09-13-2023

Hi @Palmaceia - Thanks for reaching out to us here on the Square Seller Community👋

I went ahead and merged your post to an existing thread where other Square Sellers have discussed this as well. We merge duplicate conversations together to keep like comments in one place, and to make it easier for others to find the thread in the future.

Please see the reply from @MimiW which has been marked as the Best Answer to this question ✅

I hope this information is helpful but please do let me know if you have any additional questions.

Violet
Community Moderator, Square
Sign in and click Mark as Best Answer if my reply answers your question.

How to get Square to STOP asking if I want two factor authentication

How to enable Authentication App