2 Factor Authenification with two people?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Cody
Posts: 1025
Joined: Sun Dec 02, 2007 9:19 am
Location: Stillwater, Mn

2 Factor Authenification with two people?

Post by Cody »

My wife and I both use the same passworded bank account (one account). And this is true of other applications.

With two factor authenifcation I recieve a text of a code. But it is my phone number (not hers) so when she accesses the bank account I have to be near by to give her the code.

Can we both recieve the code (even though we have separate phone numbers).

Is there an easy work around? We are Apple people.
User avatar
anon_investor
Posts: 10212
Joined: Mon Jun 03, 2019 1:43 pm

Re: 2 Factor Authenification with two people?

Post by anon_investor »

Cody wrote: Sun Jan 09, 2022 10:25 am My wife and I both use the same passworded bank account (one account). And this is true of other applications.

With two factor authenifcation I recieve a text of a code. But it is my phone number (not hers) so when she accesses the bank account I have to be near by to give her the code.

Can we both recieve the code (even though we have separate phone numbers).

Is there an easy work around? We are Apple people.
Is this a joint bank account? If so, why do you each not have separate login credentials?
hoofaman
Posts: 289
Joined: Tue Jul 14, 2020 3:39 pm

Re: 2 Factor Authenification with two people?

Post by hoofaman »

So are you currently just sharing your account login with your wife?

With the banks and brokerages I use, 1 account login is assigned for each human, and then each user account is given access to one or more bank accounts. My wife and I each have separate user accounts, but shared access to joint accounts were applicable. You might want to ask your bank about this
SnowBog
Posts: 2720
Joined: Fri Dec 21, 2018 11:21 pm

Re: 2 Factor Authenification with two people?

Post by SnowBog »

+1 on separate logins. With joint accounts, you should both be able to have your own login, tied to your own social security (for banks/brokerages anyway), and both be able to access any joint accounts. Many brokerages also let you grant other access, for example I've granted my spouse "view" rights to my individual accounts (IRA, 401k, etc.), and they've done similar for me so we can login to our own accounts but still see the full picture.

That said, some sites may let you "remember" device, so they won't prompt for two factor again from that specific device (or at least for the next 30 days or so).

Some sites might let you setup multiple 2 factor option, like maybe two phone numbers, or a phone number and email - so that each of you has an option you can access.

Other than that, there is no work around - and that's arguably the point of two factor.
quantAndHold
Posts: 7103
Joined: Thu Sep 17, 2015 10:39 pm

Re: 2 Factor Authenification with two people?

Post by quantAndHold »

You should have two logins. One of the basic tenets of computer security is that each person has their own account.

That said, I have an account at a small credit union that doesn’t understand this, and joint accounts only have one login. They also don’t understand other things about online security. I solved the problem by moving the bulk of our money elsewhere. I wanted to keep a local account in case we needed a cashier’s check or medallion signature guarantee, but the whole thing just feels like an accident waiting to happen.
Yes, I’m really that pedantic.
realclemsongrad
Posts: 95
Joined: Sat May 16, 2020 4:37 pm

Re: 2 Factor Authenification with two people?

Post by realclemsongrad »

Cody wrote: Sun Jan 09, 2022 10:25 am My wife and I both use the same passworded bank account (one account). And this is true of other applications.

With two factor authenifcation I recieve a text of a code. But it is my phone number (not hers) so when she accesses the bank account I have to be near by to give her the code.

Can we both recieve the code (even though we have separate phone numbers).

Is there an easy work around? We are Apple people.
Some banks let you add two phone numbers for 2FA. This is how we share the accounts.
quietseas
Posts: 157
Joined: Fri Dec 27, 2013 4:43 pm

Re: 2 Factor Authenification with two people?

Post by quietseas »

Our credit union and banks, our insurer, and of course Vanguard support each partner having a different log in linked to the Joint account. We do not share social media and email accounts where we also have 2FA enabled.
Last edited by quietseas on Sun Jan 09, 2022 11:05 am, edited 1 time in total.
jebmke
Posts: 14625
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: 2 Factor Authenification with two people?

Post by jebmke »

Separate log-ins; many institutions T&Cs require it. I had to go even one step further and grant my spouse "manager" status with AMEX Card since I had been the one who opened the account. She had to grant me "manager" status with Verizon because she originally started the service and I was an additional user on our VZ plan. We have separate log ins on Verizon, bank and Vanguard.

She had to grant me "manager" status with Verizon because she originally started the service and I was an additional user on our VZ plan.
When you discover that you are riding a dead horse, the best strategy is to dismount.
Jeepergeo
Posts: 329
Joined: Sun Dec 20, 2020 2:33 pm

Re: 2 Factor Authenification with two people?

Post by Jeepergeo »

Our banks allow each of us to have an e-banking account, with each account having its own unique account credentials. Each e-banking account can access multiple bank accounts, including our joint checking and savings account. This way, it is always clear who made the digital transaction.

The way your DS is currently accessing the account, by you giving your DS your UN, PW, and 2FA codes is very likely a violation of the bank's EULA that you agreed to abide by.. Jeeze, that could be punishable by fines and imprisionment :wink:

Check with your bank. They likely deal with this all the time.
User avatar
rob
Posts: 3897
Joined: Mon Feb 19, 2007 6:49 pm
Location: Here

Re: 2 Factor Authenification with two people?

Post by rob »

I get it... Most of our financial places allow multiple phone numbers and then you select the one when they ask for codes - the text based two-factor anyway. I expect it would not work with the apps but have not tried
| Rob | Its a dangerous business going out your front door. - J.R.R.Tolkien
jlyonmn
Posts: 7
Joined: Sun Nov 12, 2017 8:59 pm

Re: 2 Factor Authenification with two people?

Post by jlyonmn »

Yes. You can synchronize your 2FA apps to both show the same code at the same time. It's a bit of a pain though. First, you have to turn off 2FA on the site you want to log into. Then you delete the site from your 2FA app. Now, with both phones present, re-add 2FA to the account (on their website and phone 2FA app) and take a picture of the QR code thing WITH BOTH PHONES AT THE SAME TIME. That should do it.

A simpler way is to use a 2FA app that allows backups like Microsoft's 2FA app or LastPass' (though you need a LastPass password manager to this). You back up the credentials (in iCloud or LastPass) and 'restore' it to your second phone.
jayjayc
Posts: 289
Joined: Tue Jun 25, 2013 11:38 pm

Re: 2 Factor Authenification with two people?

Post by jayjayc »

1st, let me say that everyone else's advice is better than mine. However, if you insist on holding 1 login and you insist on receiving your 2FA codes through text, then consider setting up a Google Voice number. You will get a new phone number to share with your banks. Install the google voice app on both of your phones and whenever the bank sends the code to the new google voice #, both of your phones will receive it.

It will also protect you against SIM swapping where scammers steal your phone # in order to gain control of your accounts.
User avatar
ResearchMed
Posts: 13016
Joined: Fri Dec 26, 2008 11:25 pm

Re: 2 Factor Authenification with two people?

Post by ResearchMed »

rob wrote: Sun Jan 09, 2022 11:20 am I get it... Most of our financial places allow multiple phone numbers and then you select the one when they ask for codes - the text based two-factor anyway. I expect it would not work with the apps but have not tried
I don't know about multiple phone numbers for a single account 2FA (haven't tried that), but every account I've seen (or... at least paid attention to?) allows a choice of receiving the code via e-address, phone call, or text messaging. Those are any numbers/addresses we want to enter, so one could be using a "text message", the other a phone call. And an email acount could be used with shared access to the email no matter which physical device one is using.

It's sort of interetings about whether allowing an authorized user to "share" a login really violates the T&C's of an account.
We have at least two main financial firms (one with 403b accounts and the other with both 403b and IRA accounts) where we have had considerable interaction with senior or supervisor-level reps (in one case a VP, and yes, "everyone can be a VP at financial firms", etc...). In thos cases, I'm the one "doing" ALL the interactions for DH and for myself. I have spoken with these reps many, many times when they can see that someone is logging into DH's account, while they are speaking with me by phone and we are discussing what *I* am doing. They may be helping with an actual transaction or just explaining something. We've occasionally been speaking, and I'll ask, "Should I log into his account now?" (e.g., so I can "check that" or such). And NO ONE has ever hesitated or said anything other than some version of "sure, please login so we can take care of this". There is zero question that I'm "me" and the account is "his", and I'm "authorized".

On rare occasions, such a person will call ME back to follow up on something wrt DH's account, and actually ask if I'm able to log in to see <whatever>. There is no request to speak with DH or check that "he" is there to do the loggin in.

In the case of Vanguard, it's really impossible otherwise, as a fully authroized agent is NOT able to view the 403b account when logged in as agent. Only logging in as "owner" (not agent) allows one to view that. [The agent is supposed to call and ask to have any details read to them over the phone, such as all recent transactions or the balance of every holding... a bit aburd for those who slice and dice, and several Vanguard reps have agreed with that characterization.)
For the IRA account, yes, the agent can log in "as agent" and see/do anything online the same as the owner, but not for the 403b account.

RM
This signature is a placebo. You are in the control group.
UpperNwGuy
Posts: 7190
Joined: Sun Oct 08, 2017 7:16 pm

Re: 2 Factor Authenification with two people?

Post by UpperNwGuy »

Either of two easy solutions:
1. Get separate logins for the joint account. This is what you're supposed to do anyway.
2. Use email instead of text message to receive your numeric code. Put the email on both phones.
phantom0308
Posts: 395
Joined: Thu Aug 25, 2016 6:52 pm
Location: San Mateo, CA

Re: 2 Factor Authenification with two people?

Post by phantom0308 »

I sync the 2FA apps on our devices when this is needed. I prefer email over sms if that isn’t possible
jebmke
Posts: 14625
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: 2 Factor Authenification with two people?

Post by jebmke »

ResearchMed wrote: Mon Jan 10, 2022 6:16 am
rob wrote: Sun Jan 09, 2022 11:20 am I get it... Most of our financial places allow multiple phone numbers and then you select the one when they ask for codes - the text based two-factor anyway. I expect it would not work with the apps but have not tried
I don't know about multiple phone numbers for a single account 2FA (haven't tried that), but every account I've seen (or... at least paid attention to?) allows a choice of receiving the code via e-address, phone call, or text messaging. Those are any numbers/addresses we want to enter, so one could be using a "text message", the other a phone call. And an email acount could be used with shared access to the email no matter which physical device one is using.

It's sort of interetings about whether allowing an authorized user to "share" a login really violates the T&C's of an account.
We have at least two main financial firms (one with 403b accounts and the other with both 403b and IRA accounts) where we have had considerable interaction with senior or supervisor-level reps (in one case a VP, and yes, "everyone can be a VP at financial firms", etc...). In thos cases, I'm the one "doing" ALL the interactions for DH and for myself. I have spoken with these reps many, many times when they can see that someone is logging into DH's account, while they are speaking with me by phone and we are discussing what *I* am doing. They may be helping with an actual transaction or just explaining something. We've occasionally been speaking, and I'll ask, "Should I log into his account now?" (e.g., so I can "check that" or such). And NO ONE has ever hesitated or said anything other than some version of "sure, please login so we can take care of this". There is zero question that I'm "me" and the account is "his", and I'm "authorized".

On rare occasions, such a person will call ME back to follow up on something wrt DH's account, and actually ask if I'm able to log in to see <whatever>. There is no request to speak with DH or check that "he" is there to do the loggin in.

In the case of Vanguard, it's really impossible otherwise, as a fully authroized agent is NOT able to view the 403b account when logged in as agent. Only logging in as "owner" (not agent) allows one to view that. [The agent is supposed to call and ask to have any details read to them over the phone, such as all recent transactions or the balance of every holding... a bit aburd for those who slice and dice, and several Vanguard reps have agreed with that characterization.)
For the IRA account, yes, the agent can log in "as agent" and see/do anything online the same as the owner, but not for the 403b account.

RM
For our joint accounts, I look at it this way. It is generally easy to set up so why not? Technically, it is probably more compliant with terms. In addition, if one of us ever gets “locked out” for whatever reason we still have access to the account. Enough of our assets are held jointly that if one of loses access or cannot access (incapacitated) the individual accounts for a while it is not a big deal.
When you discover that you are riding a dead horse, the best strategy is to dismount.
LeftCoastIV
Posts: 527
Joined: Wed May 01, 2019 7:19 pm

Re: 2 Factor Authenification with two people?

Post by LeftCoastIV »

jayjayc wrote: Mon Jan 10, 2022 12:25 am 1st, let me say that everyone else's advice is better than mine. However, if you insist on holding 1 login and you insist on receiving your 2FA codes through text, then consider setting up a Google Voice number. You will get a new phone number to share with your banks. Install the google voice app on both of your phones and whenever the bank sends the code to the new google voice #, both of your phones will receive it.

It will also protect you against SIM swapping where scammers steal your phone # in order to gain control of your accounts.
Note that Google Voice is sometimes not supported for MFA texts. Wells Fargo is an example.
Gadget
Posts: 804
Joined: Fri Mar 17, 2017 1:38 pm

Re: 2 Factor Authenification with two people?

Post by Gadget »

The specific answer to your question is to share a TOTP authenticator, and use that for all your one time passwords. That's more secure than SMS anyway. Although I realize many financial sites refuse to adopt TOTP over SMS.

If you can use TOTP (2 factor codes that reset every 30 seconds), I'd recommend one that bundles it with your password manager, like 1Password. You can share the account/password in a shared vault that also shares the TOTP authentication code. And it will enter the TOTP automatically for you in some cases. So both you and your spouse can each have their own 1password login, with as many shared accounts/passwords/TOTP as you want. Or you can keep them private to a specific account.

If you don't use a password manager with a TOTP feature, use Authy. It's probably the best one where you can share and sync TOTP passwords.

I do not recommend using something like Google Authenticator that doesn't sync to an account. If you lose your phone, or it dies, or you get a new phone and forget to move over your TOTP passwords, it's a huge hassle to reset all that back and prove your identity.
gavinsiu
Posts: 155
Joined: Sun Nov 14, 2021 12:42 pm

Re: 2 Factor Authenification with two people?

Post by gavinsiu »

Cody wrote: Sun Jan 09, 2022 10:25 am My wife and I both use the same passworded bank account (one account). And this is true of other applications.

With two factor authenifcation I recieve a text of a code. But it is my phone number (not hers) so when she accesses the bank account I have to be near by to give her the code.

Can we both recieve the code (even though we have separate phone numbers).

Is there an easy work around? We are Apple people.
What type of 2FA is allowed. Here are two suggestion assuming you are allowed only SMS.

1. Most bank allow you to create separate login for the same account. For the purpose of security, this is the way. In those cases, just use different phone number for 2FA.
2. There may be good reasons to use the same login. I setup a list of payee for my bank account. When my spouse login, she cannot see that list, so she can't figure out which bill got paid without browsing through the activity. You can setup a google voice account and use that for the SMS 2fa. Make sure you secure the google voice account with its own 2FA (use a hardware key or TOTP). You can install the google voice app on both your phones. Note that some banks do not allow voip and in which case you cannot use this method. Do make sure you use your google voice every 6 months to prevent google from closing it down due to inactivity.

If you do not have to use 2FA, there are alternatives.
* If your bank allow hardware keys, you can setup multiple hardware keys and a backup in case both your keys get lost.
* If your bank allow TOTP, you can setup something like Authy, which allow you to setup multiple devices for security code.
Topic Author
Cody
Posts: 1025
Joined: Sun Dec 02, 2007 9:19 am
Location: Stillwater, Mn

Re: 2 Factor Authenification with two people?

Post by Cody »

Could someone clarify TOTP please.
User avatar
Brianmcg321
Posts: 1619
Joined: Mon Jul 15, 2019 8:23 am

Re: 2 Factor Authenification with two people?

Post by Brianmcg321 »

Can’t you just text her the code once you receive it? Why would you need to be near her?
Rules to investing: | 1. Don't lose money. | 2. Don't forget rule number 1.
sureshoe
Posts: 902
Joined: Tue Jan 15, 2019 4:26 pm

Re: 2 Factor Authenification with two people?

Post by sureshoe »

Cody wrote: Thu Jan 13, 2022 9:45 am Could someone clarify TOTP please.
Time-Based One-Time Password

I think Google Authenticator or some other key generator is fine for TOTP. You can share it with multiple users. Using LastPass or something like that alone does not have the same quality of account protection as the individual account having MFA. Anyway, it's a rabbit hole and people's opinions on how deep to go varies.

My wife doesn't log into most of our accounts. She has access to our LastPass account if she needs to (or I die). But, I have Mint setup to pull all the data, and she logs into Mint. If you're wanting her to be moving money, doing things like that - you have to see what the bank offers in terms of unique logins.
Topic Author
Cody
Posts: 1025
Joined: Sun Dec 02, 2007 9:19 am
Location: Stillwater, Mn

Re: 2 Factor Authenification with two people?

Post by Cody »

Texting the code to my wife would work fine some times but I don't alway have instant access to my phone. She would have to depend on me.
Topic Author
Cody
Posts: 1025
Joined: Sun Dec 02, 2007 9:19 am
Location: Stillwater, Mn

Re: 2 Factor Authenification with two people?

Post by Cody »

And: "You can enable more than one multifactor authentication option to be used when accessing your LastPass Vault. It is recommended whenever possible to enable multiple authentication options (even on multiple trusted devices) in case you ever lose access to one device, you will have a backup."

That should work for us.
gavinsiu
Posts: 155
Joined: Sun Nov 14, 2021 12:42 pm

Re: 2 Factor Authenification with two people?

Post by gavinsiu »

Cody wrote: Fri Jan 14, 2022 10:37 am Texting the code to my wife would work fine some times but I don't alway have instant access to my phone. She would have to depend on me.
If you use google voice, it can either text to both numbers or you can install the google voice app on her phone
Post Reply