Two factor authentication for shared accounts?
June 25, 2019 8:59 PM

What is the latest solution to two factor authentication for shared accounts? As an example, a financial account that both my wife and I need access to.

My wife and I are a typical millennial / Gen X couple, each with our own phone, email account(s), computer, etc. However we maintain common finances and so we share a login to our checking account, savings account, and brokerage. I really think we should start using two factor authentication because of all the hacking of online accounts, but the default option on all these sites seems to be getting an access code by text. Beyond that, the options seem to involve a physical key / dongle.

What's the right answer for shared-account holders? The main criterion is that either spouse should have the full ability, individually, to access the account without needing to consult the other spouse. Access codes via text seem obviously wrong since we have different phone numbers. Are there physical dongles / key generators where you can get 2 identical copies? On reflecting a bit, it would be fine if the other spouse were notified upon every access; for example if the access code were simultaneously texted to both phone numbers. Beyond that I would slightly prefer a physical item we could opt to lock up at home, but that's not essential. Thanks!
posted by Joey Buttafoucault to Computers & Internet (12 answers total) 1 user marked this as a favorite
 
If I'm not mistaken, you could set a Google Voice number as the number to which the verification code is sent, then set up both your cell phones as forwarding phones so they'll both receive the text messages.

Also, if the financial institution allows 2FA code generator apps, Authy allows syncing between two devices.
posted by bluecore at 9:06 PM on June 25, 2019 [2 favorites]


My etrade accounts allow for multiple FOBs / 2FA app installations. I have a physical FOB and a couple of app instances active. Pretty straightforward.
posted by MillMan at 9:07 PM on June 25, 2019 [2 favorites]


Assuming they use standard OTP (the thing with the QR code, not some weird enterprise 90s stuff involving text messages):
  • Use 1Password (you should do this anyway). Have a shared vault with your partner. Put the bank password in the shared vault. Teach 1Password how to generate the 2FA token for your bank.
  • Or, when you set up OTP on one phone, just set it up on another phone at the same time
If they do insist on 90s text messages, I believe Google Voice can forward text messages sent to a GV number to two phones. Give them the GV number. If you go this route you'll have to be religious about keeping the Google Voice account active though. If you lose that number you're hosed.
posted by caek at 9:08 PM on June 25, 2019 [3 favorites]


I don't know if it is just me, but most financial websites don't let me use Google Voice to get a text. So I bought an iPhone just for this situation, and one bank won't let me use my iPhone because it is prepaid (Straight Talk). YMMV.
posted by cda at 9:25 PM on June 25, 2019


My shared bank account has 2 logins, with two separate ID/passwords. Your bank may let you each set up an account, with shared access.
posted by Valancy Rachel at 9:30 PM on June 25, 2019 [6 favorites]


If you did use Google Voice, you can just have it email you texts. You don't actually have to set up any real phones with it at all (though I think you might need a phone to enable it in the first place these days). This also means you could just use a Google Voice number on either of your personal accounts, and set up a Gmail filter to forward any such messages to the other person.

It does work with some SMS-based authentication, but not others; it depends on the institution.
posted by thefoxgod at 9:34 PM on June 25, 2019 [2 favorites]


With a joint account, my bank allows the same number of different logins as the number of independent account holders. Check with your bank to see if you each can have an independent login into your joint account.

I use a GV number for some 2FA, but my Bank America account does not send to it.
posted by AugustWest at 9:45 PM on June 25, 2019 [1 favorite]


Do any of them allow you to use an Authenticator app? Because you can set those up on two devices for one account.
posted by the agents of KAOS at 10:15 PM on June 25, 2019 [3 favorites]
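
Why enrolling two phones from the same QR code works, as mentioned in the answers above: an added example, not part of the thread, sketching standard TOTP (RFC 6238). The enrollment URI, issuer and account label are constructed, and the secret is the RFC 6238 test key rather than a real one.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed enrollment URI of the kind a setup QR code encodes. The secret is
# the RFC 6238 test key ("12345678901234567890") in base32, not a real one.
ENROLL_URI = ("otpauth://totp/ExampleBank:joint-account"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleBank")


def secret_from_uri(uri):
    """Extract and decode the base32 shared secret from an otpauth:// URI."""
    params = parse_qs(urlparse(uri).query)
    return base64.b32decode(params["secret"][0].upper())


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (the common authenticator-app default)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, unix_time, drift_steps=1, step=30):
    """Server-side check: accept codes from adjacent time steps for clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * step, step), code)
        for d in range(-drift_steps, drift_steps + 1)
    )


def demo(now=1111111089):
    # Both phones scan the same QR code, so both hold the same secret.
    phone_a = secret_from_uri(ENROLL_URI)
    phone_b = secret_from_uri(ENROLL_URI)
    code_a = totp(phone_a, now)
    code_b = totp(phone_b, now + 7)   # second phone's clock is 7 s ahead
    return code_a, code_b, verify(phone_a, code_b, now)


if __name__ == "__main__":
    print(demo())
```

The server cannot tell the two phones apart: both hold the same secret, so losing either device exposes the factor for both users, and the access log will not show which spouse signed in.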


For all the various joint accounts that my wife and I have (with three different financial services), we each have our own logins. I would look into whether that's a possibility. It should be.
posted by adamrice at 11:08 AM on June 26, 2019


I work at a financial institution in Canada. Here, each client gets their own logon ID and sets their own password.

This way, a client sees any account they have jointly with someone else, as well as ones that are in their name alone. (Like retirement accounts, which typically are in a single name.)

One of the rules with online banking here is that you must not share your logon and password with anyone else. Sharing this information voids the fraud liability protection on the account, so if you are the victim of some kind of electronic identity theft, the financial institution may say they're not liable for funds stolen.

It's likely your institutions have single logons, and each of you is using the same person's. Perhaps make a call to your institutions, while you're both together to authenticate over the phone, so you can resolve this. It may save you hassles if there's unauthorized access later.
posted by thenormshow at 1:04 PM on June 26, 2019 [1 favorite]


Your question is unclear as to the registration of the accounts. Are both of you owners of the accounts you're trying to access? This is important since for access, estate, and family law reasons, you want to be joint owners of accounts you both want to be accessing, rather than just sharing a logon.

Obviously, it's easy to impersonate one another online, but if there's an issue, and one of you goes to the bank to resolve something, the bank is only going to deal with the registered owner of an account, or their power of attorney.

Take some time to get the registrations of these accounts set up the way you want, and the online access should follow.
posted by thenormshow at 1:11 PM on June 26, 2019


The best solution is to have two logins to access the same accounts. I have my credit union account access set up this way for accounts I share with my SO. I'd highly recommend talking to your bank and asking them to set up something similar (and would seriously consider switching banks if they don't have this feature because sharing accounts is bad security practice).
posted by Aleyn at 1:24 PM on June 26, 2019

