Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How to Share Two-Factor With Another Person

Step 1: trust.

by

Two factor authentication is one of the most important things you can set up to protect your accounts. Even so, it's possible to share certain 2FA types with multiple authorized people. I'll show you how I do it.
Two different phones showing the same two-factor code.
(Image: ChatGPT)
Question: I get two-factor and would use it, except that my wife and I both sign into a shared account, and we each have our own phone. If the 2FA were my phone, wouldn’t she have to ask me every time a code was needed? That’s a pain.

Yes, it is.

But there’s a good chance that it’s not needed.

Using a specific type of two-factor authentication, you can set up both your phones as allowed two-factor devices for the same account.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Sharing 2FA

You can share two-factor authorization by using an authenticator app that supports TOTP codes. Set it up once; then scan the same QR code on both phones. Or use a shared password manager like 1Password that includes the code. That way, either person can log in without extra hassle.

TOTP two-factor authorization

TOTP stands for Time-based One Time Password, which I often refer to as Google Authenticator-compatible two-factor authentication, or just authenticator-based. Once configured, your device (typically an app on your smartphone) displays a six-digit code that changes every 30 seconds. Your ability to present this code correctly when requested acts as your second factor.

Unlike other forms of two-factor authentication, we can set up TOTP on more than one device.

If you don’t have a smartphone or a TOTP app you can use elsewhere, or the service you’re using doesn’t offer TOTP authenticator as a second factor, then this option isn’t available to you.

But if it is, we can remove this annoyance for you.

Related


Why ANY Two-Factor Is Better than No Two-Factor

 Headlines are proclaiming that two-factor authentication has been hacked. That in no way means you shouldn't use it. Your account is still much safer with two-factor enabled.
#70786

Setting up two two-factor devices manually

The process is pretty straightforward.

  • Sign in to the account you want to share with someone else.
  • Begin the process of setting up authenticator-based 2FA.
  • Take a screenshot of the QR code (or copy the text code). Save it somewhere safe.
  • Use that QR code to set up the authenticator on one device.
  • Use that QR code a second time to set up the authenticator on the second device.

Both devices should now show the same changing six-digit number associated with this account.

Either device should now act as an accepted 2FA for that account.

A two-factor authentication QR code.
A two-factor authentication QR code. (Screenshot: askleo.com)

That QR code contains all the magic. By saving it, you can set up multiple 2FA devices for the same account at any time. Should you ever lose your device, it’s also a great way to set up 2FA on a replacement without needing to turn 2FA off and back on again on the account.

Save the QR code in a secure place in case you need it later. Maybe store it offline, in an encrypted vault, or somewhere else that’s accessible only to you.

Related


How to Add Two-Factor Authentication to Your Google Account

 Adding the most common and secure form of two-factor authentication to your account.
#175329

Setting up two two-factor devices automatically

Some password managers can also serve as your second-factor authenticator. When you do this, then:

  • Any device on which you are signed in to your password manager can act as your second factor. For example, both your PC and your phone.
  • If your password manager can share items or collections with another user of the same password manager, then accounts with two-factor authentication can also be shared, including the second factor.

I do both using 1Password.

A two-factor code displayed in 1Password.
A two-factor code displayed in 1Password. (Screenshot: askleo.com)

For example, my wife and I share an online shopping account that has two-factor authentication enabled. The information is stored in 1Password.

  • When needed, I can use any of my PCs or my mobile phone to provide the second factor code.
  • Since that item is shared between my wife’s 1Password account and my own, either of us can provide the code.

It’s probably the most convenient way to manage two-factor on a shared account.

Sometimes you can use a dedicated app

Some websites or services offer a dedicated app you can install on your smartphone. Sometimes it’s this app that can act as a second factor.

Bank 2FA options, including "Mobile Notification" to the app on my phone.
My bank’s 2FA options, including mobile notification to the app on my phone. Click for larger image. (Screenshot: askleo.com)

For example, when signing into a bank that has such an app:

  • You sign in normally with a username and password.
  • You’re asked which form of two-factor you would like to use (typically choosing between SMS, email, or the app).
  • Choosing the app causes a notification to appear on the mobile device on which you’ve installed and previously used the app.
  • Confirming the sign-in in the app acts as your second factor.

Sharing that second factor is as simple as installing the bank’s app on both of your phones and signing in at least once. The next time two-factor is required, both devices will get the notification, and either device can approve the sign-in.

Not all services offer this, but it’s another convenient approach when they do.

Do this

Enable two-factor authentication on accounts that support it. It’s one of the most important steps you can take to secure your account.

If you can, use authenticator-based two-factor authentication, saving the QR code (or text code) as you set it up. You can then share that code with anyone else you want to allow access to the account. If you’re both using a password manager that supports TOTP two-factor, even better: the two-factor capability will be included with what you share with someone else.

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Download (right-click, Save-As) (Duration: 12:03 — 11.1MB)

Subscribe: RSS

Related Video

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.