Separate Your Shared Toast Web Accounts

In this Article:

• Separate a Shared Account
• Account Security & Sharing Accounts
• Frequently Asked Questions
  
  • What if I don’t want to use MFA? Can I turn it off?
  • Can I keep using shared Toast Web accounts?

Separate a Shared Toast Web Account

If a shared Toast Web account has access to the 8.1 Financial Accounts or 8.7 Instant Deposits permissions, then multi-factor authentication (MFA) is required to keep your account secure. This makes it challenging to continue sharing an account because the authentication code will go to one person's device, regardless of who is signing in. There are two options to remedy this situation:

• Remove the 8.1 Financial Accounts or 8.7 Instant Deposits permissions from the shared account, and then disable MFA. This way, multiple people can log in using the same email address and password without needing an authentication code.
• Or, create separate Toast Web accounts for each person. This requires a unique email address for each login, but will give you greater flexibility in assigning sensitive permissions to the people who need them. Only users with 8.1 or 8.7 will be required to enable MFA.

To separate a shared Toast Web login, follow these steps:

1. Identify everyone currently using the shared account to gather a list of users who need their own account. You’ll need a unique email address for each Toast Web account.
2. Follow the instructions in this Toast Central article to invite each user to create an individual Toast Web account: .
   • If your business uses Toast Payroll, please instruct them to log in to Payroll. The user will immediately see the unified login wizard that will walk them through the process of linking their Toast Web and Payroll accounts (see for more information).
   • If your business doesn't use Toast Payroll and some of the users you identified already have a Toast Web login, you can update their permissions to ensure that they have the access they need on their individual account. See to learn more. 
3. Review and adjust permissions and location access for each new account. 
   
   • It is highly recommended that you take this opportunity to assess if everyone using the shared account needs continued access to the same locations and permissions. 
     
     • For minimal disruption, add each new employee to the same locations with the same permissions as was set up on the shared account.
     • Otherwise, adjust each user’s access as necessary.
     • Remember, any user account with financial privileges will be required to enable MFA.
4. New users will activate their account, and if applicable, configure MFA.
   
   • New users will receive an email with an invitation to finish setting up their account and create their password.
   • Each new user with financial privileges will receive an MFA setup prompt. Follow the instructions to link their own device for authentication.
5. Restrict access to the shared account.
   
   • Once all users have individual logins, change the password/MFA method for the shared account, or disable/delete the shared account to prevent continued use. To learn more, see .

Toast Web Account Security & Sharing Accounts 

Toast Web requires multi-factor authentication (MFA) for users with financial privileges (8.1 Financial Accounts or 8.7 Instant Deposits). By making MFA mandatory for these users, we’re protecting the credentials (email address and password) for people who have access to money movement, just like any other financial institution. Depending on the size of your business, these users could be accountants, managers, or even owners - people who have high levels of access because of their function. 

Shared accounts are those with a single set of credentials used by multiple people to log in to Toast. While this may have been a convenient way to grant access to your restaurant in the past, with Toast’s mandatory MFA policy, sharing accounts introduces several challenges and security risks:

• A shared account is more likely to receive MFA challenges at every login, adding significant friction to logging in every day.
  
  • Individual accounts, logging in from the same device and location, are not subject to these repeated challenges.
• Only one person receives the MFA code, delaying access for others.
• If the MFA recipient is unavailable, no one else can log in until they provide the code.
• A shared account promotes bad security practices like sharing MFA codes (leaving you vulnerable to social engineering attacks).

For this reason, the best way to make logging in easier again is to transition to individual Toast Web accounts for each user. By transitioning from shared accounts to individual accounts, you enhance security, streamline access, and reduce the risks associated with shared credentials.

The benefits of individual Toast Web accounts include:

• Easier, more secure access – Everyone has their own login and MFA method.
• Clear accountability – Actions can be traced back to specific users.
• Flexible permissions – Only necessary individuals get access to sensitive actions.
• Improved security – If one account is compromised, it doesn’t put everyone at risk.

To learn more about keeping your Toast account secure, see this Toast Central article: .

Frequently Asked Questions About Shared Accounts

What if I don’t want to use MFA? Can I turn it off?

Unfortunately, you cannot turn off MFA if you have high-level financial permissions. Similar to your bank, Toast is doing this to ensure the financial safety of all our customers from bad actors.

If the financial privileges are removed from a Toast Web account, MFA can be disabled.

Can I keep using shared Toast Web accounts?

At the very least, Toast highly recommends creating individual accounts for those users who continue to need access to sensitive information. A shared account without access to financial permissions may continue to be used for the time being if it’s set up with more basic access (subject to change).