I am 100% with you on this.  My issue has been the same.  If I login and use TFA then it kicks the terminal off and they can't login without me sending them a code.  I'm already sick of having numerous accounts for numerous locations and businesses.  I shouldn't need to have so many work arounds for this stuff.  Just let me not use TFA.  It should be that simple.

I found this old thread and I don't think it answered the question I have. HELP!! It keeps asking our staff (who know the password) to SET UP 2 Factor Authentication and they keep doing it using their personal cell phones so when I try to get on it sends a code to them. I keep re-setting it and disabling it BUT how do I stop them from asking everyone who logs in? I don't want any number other than mine ever used. Thank you 

@westriv ;

I setup 2FA on my account. Now when I logged in on my Store computers it sent the code to my Cell, I entered the code and then I believe there was a Popup to see if I wanted to Remember this device.  I clicked Yes, and now the devices my staff uses or when I use it, I do not get the code sent to my cell, But I broke out an old computer and was sent the code to my phone.  I do not know if this is a new step or not, just stating that everytime I log in I do not get a Code even though I have it setup on my account.  Since my account is setup like this I am not able to see how I did this.

We just keep ignoring it because we do the most of our work on our laptop and frankly I have no idea how and what permissions everyone needs.

Hi @westriv - Thanks for following up on this thread.

If you haven't already, I suggest looking over the reply from one of our Product Managers, @MimiW, which has been marked as the Best Answer to this question ✅

I hope this is helpful but please do let me know if you have any additional questions.

Thanks. We don't want team members to have accounts. We just want when they sign in it won't let them set up TFA and lock us out unless they get a code on their cell phone. How hard would that be Square to do. Have a NEVER allow TFA unless it is the number on file with the account or just NEVER allow. Thanks

@westrivI would recommend looking into device codes. This will make it so only you need the TFA if you're logging into an account, not your team.

In case of an accidental logout, you can have that specific device's code stored securely in your store. Your team just hits the "Use Device Code" link on the login screen instead of inputting your or their email and password.

In all truth, though, I'm curious as to why this is a thing: I leave my devices on and logged into my account 24/7. Even when I power cycle my systems it still leaves me logged in. And, on the off occasion Square does log me out--usually after a pretty significant update from what I can tell--as long as I've checked the "Remember for 90 days" box and it's been within that time frame, I'm not asked for the TFA check. I'd be interested to know what your procedures are that causes you to have to enter a TFA each time someone logs into your device? (Not snark, serious curiosity!)

Hey @Frustrated831 —

I hear ya about employees. I have a new dent on my office desk in the shape of my forehead from my current team. 

If you’re just talking about the POS app and not the dashboard, your solution would be Device Codes. Each employee gets a code they are responsible for, and when they log out for whatever stupid reason they fabricate this time, you just tell them to use their device code to log in again. If they don’t have their device code then, well, way to show up for a job unprepared! The only time TFA would need to be used is when you’re trying to log in to the dashboard on a browser. And even then if you allow cookies for your browser you’ll only have to use TFA once a quarter. 

TFA is actually a really important security setting for the higher-end financial and reporting data you get on the dashboard, and device codes reduces that pain on the per device level. Using device codes on a per-device level stops having to give out your password each and every time too. 

This still does not solve the problem. We use device codes. We do not have employees. We are a volunteer run non-profit. Eventually, somebody will not have one of these device codes, use the account credentials, and accidentally enable 2FA, thus locking out the rest of the organization.

As long as Square keeps nagging everyone to enable 2FA, we run the risk of suddenly and unexpectedly being locked out of the account.

I don't care of 2FA is "a really important security setting blah blah blah". I personally have 2FA on all my accounts. It's a great technology, but is just doesn't work for our organization this way. Its presence is costing us money, plain and simple.

Give us the option, put it behind a big red flashing warning banner, whatever they need to do to make sure we understand the risk. But provide the option to disable it.

So the problem with device codes is that they are a temporary band aid for us. I could and probably will have the employees who regularly take payments set up a device code but thats just a bandaid because when someone else who isn't a payment taker steps in to cover (which is a regular occurrence) they will use our log-in credentials to log in on their device and turn on 2FA locking us out again. Apparently when 2FA was enabled last Sunday, it was kicking out everyone who was logged in.  I just happened to check my email at the same time our event was starting and saw the email saying 2FA was enabled and quickly turned it off but my coworkers who have no common sense managed to enable it another 3 times!