siderea: (Default)
[personal profile] siderea
I have been kicking around a post idea for something like a year or a year and a half, but I've been torn between wanting to write it as a post (and tell you things) and wanting to ask for solutions.

Mr. Bostoniensis and I have been trying to consolidate our household, and the Brave New World of the Internet is... not facilitating this. Vendor after vendor, platform after platform, is organized around the concept of a single user account. Even when company accounts nominally allow multiple user accounts, typically one user account is the real user account and the other has restricted access.

For instance, when setting up joint financial instruments, we split up the work: I would set up the joint bank accounts, he would set up the joint credit cards. We subsequently discovered that he can't access the statements and tax documents in our nominally-joint bank account's online portal, and I can't have an independent login at all for our allegedly joint credit cards that show up on my credit report.

This is infuriating. What we want to happen is that he and I have equal full access to the accounts we share, such that either of us can do what needs to be done on them, which I thought was a pretty normal approach to, well, life. I did not think heterosexual marriage was some sort of weird counter-cultural edge-case, and it offends my software developer soul to be reduced to sharing usernames and passwords.

But that is exactly the case, and I would just hold my nose and do it, except for one thing.

Two-factor authentication.

If I want to be able to two-factor into an account that uses his phone number, I have to access his phone. Something best done while he is not asleep, which, unfortunately, is precisely when I am most likely to want to be paying bills or doing online shopping. Likewise, if he wants to two-factor into an account that uses my phone number, he'll need access to my phone. Which, honestly, he could probably slip into the room and grab off the charger while I'm asleep – which is precisely when he'll be wanting into those accounts – but that does him no good if say I were out of town or in the hospital or some such.

And more and more 2FA is becoming mandatory. You can't turn it off. (Or in the notable case of one of our credit cards, you can turn it off. It will two-factor you anyways, but the account settings assure you it's off.)

Two-factor authentication is stupid and awful for so many reasons, but it has only recently dawned on me that one of them is that 2FA is intended to keep anyone else from logging in to your account and I actually want someone else to log into my account. Legitimately, I think.

So.

Obviously, the Bostoniensis household requires some sort of telephony solution such that:

• text messages (SMS) sent to a single phone number propagate to two cell phones; *

• either of the two cell phones can originate text messages from that single phone number which is not the phone number of either of those phones; **

• and the phone that didn't send the reply gets a copy of it, so it can stay in sync with the convo; ***

• voice calls sent to that single phone number propagate to one, the other, or both simultaneously of the two cell phones, depending on a on-the-fly configurable schedule of when which call goes where; ****

• either cell phone can originate a voice call that will appear to come from the shared number; ****

• ideally, both cell phones could conference into the same call with a third party, but that's a bonus;

• must be compatible with Android phones, an probably needs to support iOS as well; we'd love a solution that also supports web and/or MacOS desktop access, but that's a bonus.

I am looking for recommendations for solutions that (are known to) meet this specification. There are lots of solutions for small businesses, but r/smallbusiness drags a lot of them for filth, and also we're cheap and don't want to pay a fortune, especially for a lot of businessy services we don't need like the ability to spam-SMS 10k prospective customers an hour or (all the rage right now) deploy an AI receptionist or surreptitiously surveil our customer service agents' work for quality and training purposes or integrate with Salesforce.

Also, crucially, a lot of these services seem to be based on a phone tree model, where each handset gets its own extension, and I'm really unclear how that would work with automated voice-call 2FA. Not well, I am guessing.

So what I am looking for is knowing recommendations that can answer from direct experience as to whether a solution will support our intended use case.

Has anybody else even tried to solve this problem? Or does everybody else just accept that financial instruments, online retail accounts, and virtual services can only really belong to one member of a couple at at time?

This seems like something there should be an obvious commercial service for, targetted at families, but the only one I found no longer is in the Play store and also may be wholly defunct.

As a side note, this isn't only relevant for couples. It's relevant to all sorts of multi-adult households, from polycules to multigenerational households. It is of particular relevance to people with aging elders who might want to be able to get into the elder's accounts to help them from afar. Especially adult siblings of aging parents, where no one sibling should be the only person stuck with all the administrative work. It's surprising that I haven't found a commercial solutions to this yet, and wonder if there already is one everybody else already knows about.

* Necessary to allow either member to receive a 2FA text message when either one initiates a log in.

** Necessary in the case we want to revoke texting permission to a third party by "text STOP to end".

*** Necessary not to engage in an inadvertent Abbot and Costello routine.

**** Necessary because every once in a while a 2FA system will barf on texting VOIP numbers, and only successfully get through with automated voice call 2FA. Also it would be nice for one of our other use cases – the "get Siderea's doctor's office to call back and make sure a human answers no matter when they do" use case – for there to be one number that rings through to both of us. But also necessary that we can schedule it not to ring when one or the other of us are asleep, while still ringing through to the other. I need to be able to 2FA at 2:00 A.M. and Mr. B very much needs my doing so not to cause his phone to ring.

***** Maybe not strictly necessary, but there's a lot of systems that react poorly, or at least with more scrutiny, to customer calls about accounts other than the ones associated with the number the call is coming from. It would be better if we just only ever called NStar from the number they have on record for us, but that means we need to be able to originate voice calls from the same number we'll be using with them for security purposes.


Edit: I'm really hoping for a non-Google, commercial solution.

(no subject)

Date: 2026-03-03 12:12 pm (UTC)
princessofgeeks: Shane smiling, caption Canada's Shane Hollander (Default)
From: [personal profile] princessofgeeks
I had this problem too and still do.

I managed all the household accounts when I was married and I still help my ex with his stuff. I am used to impersonating him on line all the time.

It's quite annoying when I have to get him to read me the PIN the security system texted him.

One option is that often the programs let you do the 2F through an email instead of texting and I use that when I can.

But I have never tried the approach you are wanting to find. I wish you the best of luck.

(no subject)

Date: 2026-03-03 12:17 pm (UTC)
totient: (Default)
From: [personal profile] totient
I use Google Voice for shared 2FA by having it forward texts to an email address, which in turn is set up to forward to multiple addresses. For banks that require a text response, and for the GV requirement of occasional outbound activity, this still requires a shared login, though I think that if it were only two people on the 2FA one of them could have outbound text access set up on their phone and the other could use a somewhat separate web access account.

This is a legacy GV account and I don't know if it would still work for a new user, but worth checking.

(no subject)

Date: 2026-03-03 12:21 pm (UTC)
viggorlijah: Klee (Default)
From: [personal profile] viggorlijah
can you not get a joint account with the bank? The reasons single account authentication works is that it means only one person = one audit trail so there's confidence in knowing the activity taking place was user X and not user Y. We use groups containing several users to access resources over a shared account because then I can grant access to the group but still see when an action was taken by user X specifically.

I cannot imagine any government or banking or health system being cleared to allow shared accounts with 2FA because it goes against every security principle we're trying to implement.

Your solution - forwarding the text - is a good work around. I regularly get texts from my kids asking for a PIN because I'm their backup for 2FA, and it's trivial to send it over.

For elderly and minors, it's usually a delegated account where the Responsible Adult has the PIN code and the delegated account has limited viewing/actions and triggers a release request to the adult to approve an action - same thing I used to do with joint accounts where the bank required multiple approvals for large transactions.

I'd suggest you get a cheap burner phone that you can physically trade off between you for the 2FA codes for shared accounts if it's more about the annoyance of not being in the same physical space often.

Your question is both very reasonable and makes me break out in hives thinking about the security risk!

(no subject)

Date: 2026-03-05 02:59 pm (UTC)
andrewducker: (Default)
From: [personal profile] andrewducker

"It's just that his user account doesn't have access to all the functions of the bank account, so some things only I can do."

I would query that with the bank. Certainly, with the joint bank account that Jane and I have we both have equal access to everything.

(no subject)

Date: 2026-03-05 12:59 am (UTC)
hudebnik: (Default)
From: [personal profile] hudebnik
My spouse and I have three credit-union accounts -- hers, mine, and joint -- but I think the credit union stopped allowing new joint accounts twenty years ago, and we're grandfathered in.

The main desktop computer in the house "knows" the logins for all three, so there's not much actual separation, but we generally pay joint bills from the joint account, and each of us transfers money into it when necessary to cover that.

For our joint subscriptions, I created a "subscriptions@" account that actually subscribes to the online versions of journals, and forwards to both of our individual e-mail accounts. Which works for sites that send a one-time password; in the rare cases that somebody insists on getting an e-mail _from the subscribed account_, it's more of a pain but possible.

(no subject)

Date: 2026-03-03 12:28 pm (UTC)
goljerp: Photo of the moon Callisto (Default)
From: [personal profile] goljerp
This is, indeed, a pain. Not that I love Google, but would Google Voice + a Gmail account help? You can set it up so the 2FA "texts" go to the email associated with the Google Voice account, and while Gmail does love its 2FA, I think it's easier to turn it off or at least have it last longer, and Gmail seems OK with "me" (as far as it knows) being logged into the same account on multiple computers at the same time. You can have the Google voice account ring multiple actual numbers, I believe, so that might work with the other points. It's thinking outside the box, but sometimes you have to work hard to get around some of this stuff. Note that I haven't done the whole thing personally, but I do have several 2FA "texts" going to my google voice account, and that works just fine (from my perspective, although not "security" wise).

In my family, we deal with my Dad (who doesn't even have a cell phone anymore) by just having the 2FA go to my sister's phone, and she calls him with the code if needed. Which isn't too often, thank goodness. But yeah, that's a pain too.

(no subject)

Date: 2026-03-03 01:07 pm (UTC)
rebeccmeister: (Default)
From: [personal profile] rebeccmeister
I have had to do things involving attempts to share Google accounts for a nonprofit organization where there's turnover over time (and let me tell you, account management in general has been a total nightmare for us as a volunteer-run organization, so I 100% feel the 2FA pains). Based on that, I'm VERY skeptical of this approach. I don't have personal experience with Google Voice so as to comment on that particular aspect.

(no subject)

Date: 2026-03-03 12:37 pm (UTC)
lnr: Halloween 2023 (Default)
From: [personal profile] lnr
I don't know if UK banks are better at this: but both Mike and I have access to Nationwide bank's app and can see our joint account (though usually I manage it), as well as each having our own debit cards associated with it.

It's a pain when SMS/phone call is the only accepted MFA. (Some of the banking apps here will also accept verifying yourself on the mobile banking app as giving access to the web banking, but then presumably you'd have the issue of only one of you having the mobile app!)

I'm afraid I'm unlikely to be much help with phone providers - but good luck!

(no subject)

Date: 2026-03-05 07:17 pm (UTC)
cesy: "Cesy" - An old-fashioned quill and ink (Default)
From: [personal profile] cesy

But as my parents recently discovered, many UK banks and credit cards still treat one of you as primary and the other as secondary rather than true equals when it comes to things like 2FA and phone app notifications or seeing full transaction history or certain documents.

(no subject)

Date: 2026-03-03 12:56 pm (UTC)
jered: (Default)
From: [personal profile] jered
I also use Google Voice for this purpose, as [personal profile] totient describes. (You can do both forwarding, but also use the app to directly send messages and have it installed and logged in on multiple devices.)

(no subject)

Date: 2026-03-04 03:34 am (UTC)
jered: (Default)
From: [personal profile] jered
I do not use that feature, but I believe so:
https://support.google.com/voice/answer/11420769

(no subject)

Date: 2026-03-03 01:26 pm (UTC)
karen2205: Me with proper sized mug of coffee (Default)
From: [personal profile] karen2205
Check locally, but in the UK joint credit cards don't exist - it's always a main user with secondary cardholders, with the main user responsible for all the debt. So the solution to that may be you each have your own credit cards.

In the UK, you can have joint bank accounts where both (and I think up to four) people have equal access to everything. There are also other options for third party access intended for eg. people out of the country for ages / elderly relatives / people who can't make their own financial decisions. Is it possible your problem is a failure on the bank's part to set the account up properly? Or is it a your current bank problem and the fix is trying a different bank that knows how to set up joint accounts properly? I get that that's maybe too obvious but seems worth checking before getting into safe enough workarounds for 2FA.

(no subject)

Date: 2026-03-03 02:36 pm (UTC)
neekabe: Bucky from FatWS smiling (Default)
From: [personal profile] neekabe
I will also be watching this because as an executive assistant two factor is the bane of my existence.

Some imperfect workarounds I've found in my situations:
- Some banks if you can't do two factor will allow personal verification questions. You usually have to bypass the text option by saying it didn't work.
- One bank has allowed two phone numbers. One has to fail first then you can choose a backup/secondary method.
- Some non-SMS two-factor authentication can be set up through 1Password manager which does allow shared accounts.

(no subject)

Date: 2026-03-03 02:43 pm (UTC)
calimac: (Default)
From: [personal profile] calimac
We're facing the same situation with 2FA, but it's been less of an annoyance because B. and I don't keep such different hours as in your case. I can usually call downstairs to her and ask her to check her phone or e-mail; at least if she's not home and it goes to e-mail I can hop over to her computer and check her account, which she leaves open.

No, for me the annoyance is if it goes to my phone, because I don't leave my phone on at home. (We have a landline and use that for most calls. I find it much less uncomfortable physically.) I have to rush to another room, fetch the phone and wait for it to turn on. So I always take the e-mail option if they offer it.

I was sole administrator when my mother became ill, because one sibling wasn't reliable and the other far away. But it wasn't a problem. But this was 12 years ago. She didn't even have a cell phone, though I did.

(no subject)

Date: 2026-03-03 02:54 pm (UTC)
desireearmfeldt: (Default)
From: [personal profile] desireearmfeldt
This has been boggling (and enraging) me for years. It's only been getting worse. Why are all the institutions not saying "hm, our tech support lines are absolutely jammed with people who can't reset their passwords because the account is linked to their spouse's email address and the spouse is not the one who knows anything about how the account works, maybe we should return to systems where joint access is a thing"?
Edited Date: 2026-03-03 02:57 pm (UTC)

(no subject)

Date: 2026-03-03 07:50 pm (UTC)
fredrikegerman: (cycling)
From: [personal profile] fredrikegerman

And this is in spite of our using a shared password manager with a bucket for joint credentials.

Our credit union has finally sorted this out, and Vanguard has mostly done the right thing – but in both cases as you observe there's one or two things only the "primary" can do.

Our joint credit card totally bungles it, and I have a login that covers two cards, one joint, one not, so I can't share it.

(no subject)

Date: 2026-03-03 03:16 pm (UTC)
wispfox: (Default)
From: [personal profile] wispfox
I don't know if this would help you two or not. I use Pulse SMS which allows me to have my SMSes on my computer as well as my phone.

(no subject)

Date: 2026-03-03 03:16 pm (UTC)
phi: (Default)
From: [personal profile] phi
I'm no longer married, but when I was, the credit card account allowed me to add multiple phone numbers for 2FA. The bank account used Google Authenticator, and while the owner of the bank account (my exhusband) had to do the initial authentication of Authenticator on my phone, I was then able to use it without a problem.

(no subject)

Date: 2026-03-03 04:32 pm (UTC)
thanate: (Default)
From: [personal profile] thanate
We have been fighting with this for years. The one account where we can both long on via 2FA involves both password-sharing (most joint accounts are under a household username & password set), and being able to choose whether to get the 2FA via phone or e-mail, at which point it has one person's phone number & the other's email. And they still require their designated account holder to give verbal consent before the supposedly joint account holder can do any phone stuff. It is SO ANNOYING. (and we keep a similar sleep schedule...)

Best of luck to you.

(no subject)

Date: 2026-03-03 06:44 pm (UTC)
cellio: (Default)
From: [personal profile] cellio

This is very aggravating and I would love a solution too. Utilities, too -- our Verizon account seems to be in this state where it's his name but my email address but his phone number, presumably because we've both had to initiate service calls but they only have one slot for each, so any interaction might require both of us depending on what they send, and I'm like... you're selling household FiOS; why in the world would you think there's only one adult here?? Drives me mad.

Far from a complete solution, but I recently learned that the Proton 2FA app also runs on a Mac desktop, so for 2FA that uses an app rather than SMS, maybe that helps? It's a thimble bailing out the ocean, I know.

(no subject)

Date: 2026-03-03 08:47 pm (UTC)
From: [personal profile] ewt
This is not what you're asking for, but I wonder whether a different workaround might be to have a third, shared, telephone, with its own number, which you only use for 2FA nonsense and which you keep in whatever room the non-sleeping person is in. There are situations where this wouldn't work well (if either of you travel separately much and still want to use it, for example), but it might solve some of your immediate headaches.

(no subject)

Date: 2026-03-04 04:45 am (UTC)
From: [personal profile] ewt

Bother. A pay-as-you-go SIM in the UK is not ridiculously expensive; I know telephony there is a whole other universe of labyrinthine bureaucracy, though.

(no subject)

Date: 2026-03-10 07:41 pm (UTC)
cellio: (Default)
From: [personal profile] cellio

Can one still get a phone that uses physical SIM cards, and/or does a phone that uses e-SIMs support more than one? I know that people sometimes buy local SIMs when traveling, so it feels like there must be some affordance, but I'm out of the loop.

The reason I ask is that if you only need it for 2FA things that you initiate, maybe it's possible to swap in the SIM you need only when you need it?

Edited Date: 2026-03-10 07:41 pm (UTC)

(no subject)

Date: 2026-03-04 06:38 pm (UTC)
nuclearpolymer: (Default)
From: [personal profile] nuclearpolymer
This whole thing is so unnecessarily complicated - why do financial systems that allow joint accounts NOT simply support multiple users each having the same amount of access to the managing of that account?

I believe that Ally Bank and Fidelity (the only two financial places I've had joint accounts at) allow all the people on a joint account to access that account with their own user login. The Fidelity system has, at least in the past, worked fine for a small organization that changes officers up to annually - after the officer change paperwork goes in, the old officers no longer see the organization's accounts, and the new officers see it. But it is possible that maybe we haven't stress tested doing the full range of management activities from all accounts and so might not have detected that one user got more admin privileges.

(no subject)

Date: 2026-03-06 06:17 pm (UTC)
terriko: (Default)
From: [personal profile] terriko
Ugh, yes to all of this. We have many of the and problems.

We use a voip solution (voip.ms specifically) to handle texts and a shared password manager that will do an authenticator when they don't need a phone number (bitwarden is specifically what we're using) but there are still edge cases where it doesn't work and we have to coordinate by handing each other a phone. Banks are really random about what they can and will text, apparently.

About

Artisanal wisdom prepared by hand in small batches from only the finest, locally sourced, organic insights.

Not homogenized • Superlative clarity • Excellently thought provoking

Telling you things you didn't know you knew & pointing out things that you didn't know that you didn't know since at least 2004.

June 2026

S M T W T F S
 123456
78910111213
1415 1617181920
21222324252627
2829 30