Shared Front Counter Devices and Two-Factor Authentication
Some businesses use a shared Front Counter computer where multiple staff members access HirePOS throughout the day. In this situation, the shared login must be configured carefully to reduce security risk.
A shared Front Counter login must not be a HirePOS Admin user.
Shared Front Counter devices should use a General user account only, with permissions locked down as much as possible. This helps ensure the shared login cannot access critical areas such as system setup, preferences, user management, billing, or other administrative functions.
Where multiple staff members use the same Front Counter login, the Staff PIN feature should also be enabled. This allows staff activity to be identified more clearly while still allowing the business to operate from a shared Front Counter device.
At minimum, shared Front Counter users must use Email Verification Code as their two-factor authentication method. When signing in, users may select Remember this browser for 30 days to avoid entering a verification code every time they sign in from the same trusted browser.
For stronger security, an Authenticator app may optionally be used instead of Email Verification Code. Because the code is generated on the authenticator device rather than sent by email, this can help protect the account if the business email account has been compromised. Examples include Microsoft Authenticator, Google Authenticator, or another compatible TOTP authenticator app.
However, authenticator apps should generally be treated as personal and tied to a specific mobile phone. This means the authenticator code may not be conveniently available to all staff using the shared Front Counter device. If an authenticator app is used, the person with access to that authenticator device may need to be present when the Front Counter login requires verification.
For most shared Front Counter environments, HirePOS recommends:
Use a General user, not an Admin user.
Lock down the General user permissions as much as possible.
Enable the Staff PIN feature.
Use Email Verification Code as the minimum two-factor authentication method.
Use Remember this browser for 30 days on trusted Front Counter computers.
Consider an Authenticator app only where the business understands that it may be tied to a specific person’s mobile device.
