Protect your SquareSpace account with hardware token based two-factor authentication

 en français

Two-factor authentication adds an extra layer of security to your account and all Squarespace sites on your account. When logging into your account, you’ll enter an authentication code as an additional step. Depending on your settings, the code you enter will be generated by an authentication app on your smartphone or sent to you via text message. After you log in, you can skip two-factor authentication for 30 days.


  • Any Token2 programmable token (the guide below shows miniOTP-1 as an example)
  • An Android device with NFC - this is needed for the enrollment only, subsequent logins will only require the hardware token

Enable two-factor authentication for your SquareSpace account 

  • Click this link to open Account & Security settings in your Account Dashboard.
  • Click Two-Factor Authentication.
  • Click Next to Authentication App, click Set Up.
  • Enter your account password, and click Next. If you signed up with a social account, click Continue with [social network] to verify your credentials. 

Scan the QR code

  • Open the burner app on your phone to scan the QR code. If you are using Windows NFC Burner, you will have to copy the secret value ("Manual copy" method). Complete the process by connecting the token via NFC and hitting the "Burn seed" button on the burner app

Secure your Facebook account with a hardware token

Verify the OTP code

On your computer, type the 6-digit code generated by the hardware token in the Authentication Code field, then click Next.

Choose a backup method (optional)

In the window that appears, choose a backup method. This is useful if you lose your token. You can enable two-factor authentication via text message or print backup codes.

Time sync

As per SquareSpace  "Codes generated expire at 60 seconds. After a code expires, you can't use it to log in". This means that the authentication system does not support time drift as per RFC 6238. For this reason, we recommend using our programmable tokens with unrestricted time sync: miniOTP-2 or OTPC-P1