I have been kicking around a post idea for something like a year or a year and a half, but I've been torn between wanting to write it as a post (and tell you things) and wanting to ask for solutions.
Mr. Bostoniensis and I have been trying to consolidate our household, and the Brave New World of the Internet is... not facilitating this. Vendor after vendor, platform after platform, is organized around the concept of a single user account. Even when company accounts nominally allow multiple user accounts, typically one user account is the real user account and the other has restricted access.
For instance, when setting up joint financial instruments, we split up the work: I would set up the joint bank accounts, he would set up the joint credit cards. We subsequently discovered that he can't access the statements and tax documents in our nominally-joint bank account's online portal, and I can't have an independent login at all for our allegedly joint credit cards that show up on my credit report.
This is infuriating. What we want to happen is that he and I have equal full access to the accounts we share, such that either of us can do what needs to be done on them, which I thought was a pretty normal approach to, well, life. I did not think heterosexual marriage was some sort of weird counter-cultural edge-case, and it offends my software developer soul to be reduced to sharing usernames and passwords.
But that is exactly the case, and I would just hold my nose and do it, except for one thing.
Two-factor authentication.
If I want to be able to two-factor into an account that uses his phone number, I have to access his phone. Something best done while he is not asleep, which, unfortunately, is precisely when I am most likely to want to be paying bills or doing online shopping. Likewise, if he wants to two-factor into an account that uses my phone number, he'll need access to my phone. Which, honestly, he could probably slip into the room and grab off the charger while I'm asleep – which is precisely when he'll be wanting into those accounts – but that does him no good if say I were out of town or in the hospital or some such.
And more and more 2FA is becoming mandatory. You can't turn it off. (Or in the notable case of one of our credit cards, you can turn it off. It will two-factor you anyways, but the account settings assure you it's off.)
Two-factor authentication is stupid and awful for so many reasons, but it has only recently dawned on me that one of them is that 2FA is intended to keep anyone else from logging in to your account and I actually want someone else to log into my account. Legitimately, I think.
So.
Obviously, the Bostoniensis household requires some sort of telephony solution such that:
• text messages (SMS) sent to a single phone number propagate to two cell phones; *
• either of the two cell phones can originate text messages from that single phone number which is not the phone number of either of those phones; **
• and the phone that didn't send the reply gets a copy of it, so it can stay in sync with the convo; ***
• voice calls sent to that single phone number propagate to one, the other, or both simultaneously of the two cell phones, depending on a on-the-fly configurable schedule of when which call goes where; ****
• either cell phone can originate a voice call that will appear to come from the shared number; ****
• ideally, both cell phones could conference into the same call with a third party, but that's a bonus;
• must be compatible with Android phones, an probably needs to support iOS as well; we'd love a solution that also supports web and/or MacOS desktop access, but that's a bonus.
I am looking for recommendations for solutions that (are known to) meet this specification. There are lots of solutions for small businesses, but r/smallbusiness drags a lot of them for filth, and also we're cheap and don't want to pay a fortune, especially for a lot of businessy services we don't need like the ability to spam-SMS 10k prospective customers an hour or (all the rage right now) deploy an AI receptionist or surreptitiously surveil our customer service agents' work for quality and training purposes or integrate with Salesforce.
Also, crucially, a lot of these services seem to be based on a phone tree model, where each handset gets its own extension, and I'm really unclear how that would work with automated voice-call 2FA. Not well, I am guessing.
So what I am looking for is knowing recommendations that can answer from direct experience as to whether a solution will support our intended use case.
Has anybody else even tried to solve this problem? Or does everybody else just accept that financial instruments, online retail accounts, and virtual services can only really belong to one member of a couple at at time?
This seems like something there should be an obvious commercial service for, targetted at families, but the only one I found no longer is in the Play store and also may be wholly defunct.
As a side note, this isn't only relevant for couples. It's relevant to all sorts of multi-adult households, from polycules to multigenerational households. It is of particular relevance to people with aging elders who might want to be able to get into the elder's accounts to help them from afar. Especially adult siblings of aging parents, where no one sibling should be the only person stuck with all the administrative work. It's surprising that I haven't found a commercial solutions to this yet, and wonder if there already is one everybody else already knows about.
* Necessary to allow either member to receive a 2FA text message when either one initiates a log in.
** Necessary in the case we want to revoke texting permission to a third party by "text STOP to end".
*** Necessary not to engage in an inadvertent Abbot and Costello routine.
**** Necessary because every once in a while a 2FA system will barf on texting VOIP numbers, and only successfully get through with automated voice call 2FA. Also it would be nice for one of our other use cases – the "get Siderea's doctor's office to call back and make sure a human answers no matter when they do" use case – for there to be one number that rings through to both of us. But also necessary that we can schedule it not to ring when one or the other of us are asleep, while still ringing through to the other. I need to be able to 2FA at 2:00 A.M. and Mr. B very much needs my doing so not to cause his phone to ring.
***** Maybe not strictly necessary, but there's a lot of systems that react poorly, or at least with more scrutiny, to customer calls about accounts other than the ones associated with the number the call is coming from. It would be better if we just only ever called NStar from the number they have on record for us, but that means we need to be able to originate voice calls from the same number we'll be using with them for security purposes.
Edit: I'm really hoping for a non-Google, commercial solution.
Mr. Bostoniensis and I have been trying to consolidate our household, and the Brave New World of the Internet is... not facilitating this. Vendor after vendor, platform after platform, is organized around the concept of a single user account. Even when company accounts nominally allow multiple user accounts, typically one user account is the real user account and the other has restricted access.
For instance, when setting up joint financial instruments, we split up the work: I would set up the joint bank accounts, he would set up the joint credit cards. We subsequently discovered that he can't access the statements and tax documents in our nominally-joint bank account's online portal, and I can't have an independent login at all for our allegedly joint credit cards that show up on my credit report.
This is infuriating. What we want to happen is that he and I have equal full access to the accounts we share, such that either of us can do what needs to be done on them, which I thought was a pretty normal approach to, well, life. I did not think heterosexual marriage was some sort of weird counter-cultural edge-case, and it offends my software developer soul to be reduced to sharing usernames and passwords.
But that is exactly the case, and I would just hold my nose and do it, except for one thing.
Two-factor authentication.
If I want to be able to two-factor into an account that uses his phone number, I have to access his phone. Something best done while he is not asleep, which, unfortunately, is precisely when I am most likely to want to be paying bills or doing online shopping. Likewise, if he wants to two-factor into an account that uses my phone number, he'll need access to my phone. Which, honestly, he could probably slip into the room and grab off the charger while I'm asleep – which is precisely when he'll be wanting into those accounts – but that does him no good if say I were out of town or in the hospital or some such.
And more and more 2FA is becoming mandatory. You can't turn it off. (Or in the notable case of one of our credit cards, you can turn it off. It will two-factor you anyways, but the account settings assure you it's off.)
Two-factor authentication is stupid and awful for so many reasons, but it has only recently dawned on me that one of them is that 2FA is intended to keep anyone else from logging in to your account and I actually want someone else to log into my account. Legitimately, I think.
So.
Obviously, the Bostoniensis household requires some sort of telephony solution such that:
• text messages (SMS) sent to a single phone number propagate to two cell phones; *
• either of the two cell phones can originate text messages from that single phone number which is not the phone number of either of those phones; **
• and the phone that didn't send the reply gets a copy of it, so it can stay in sync with the convo; ***
• voice calls sent to that single phone number propagate to one, the other, or both simultaneously of the two cell phones, depending on a on-the-fly configurable schedule of when which call goes where; ****
• either cell phone can originate a voice call that will appear to come from the shared number; ****
• ideally, both cell phones could conference into the same call with a third party, but that's a bonus;
• must be compatible with Android phones, an probably needs to support iOS as well; we'd love a solution that also supports web and/or MacOS desktop access, but that's a bonus.
I am looking for recommendations for solutions that (are known to) meet this specification. There are lots of solutions for small businesses, but r/smallbusiness drags a lot of them for filth, and also we're cheap and don't want to pay a fortune, especially for a lot of businessy services we don't need like the ability to spam-SMS 10k prospective customers an hour or (all the rage right now) deploy an AI receptionist or surreptitiously surveil our customer service agents' work for quality and training purposes or integrate with Salesforce.
Also, crucially, a lot of these services seem to be based on a phone tree model, where each handset gets its own extension, and I'm really unclear how that would work with automated voice-call 2FA. Not well, I am guessing.
So what I am looking for is knowing recommendations that can answer from direct experience as to whether a solution will support our intended use case.
Has anybody else even tried to solve this problem? Or does everybody else just accept that financial instruments, online retail accounts, and virtual services can only really belong to one member of a couple at at time?
This seems like something there should be an obvious commercial service for, targetted at families, but the only one I found no longer is in the Play store and also may be wholly defunct.
As a side note, this isn't only relevant for couples. It's relevant to all sorts of multi-adult households, from polycules to multigenerational households. It is of particular relevance to people with aging elders who might want to be able to get into the elder's accounts to help them from afar. Especially adult siblings of aging parents, where no one sibling should be the only person stuck with all the administrative work. It's surprising that I haven't found a commercial solutions to this yet, and wonder if there already is one everybody else already knows about.
* Necessary to allow either member to receive a 2FA text message when either one initiates a log in.
** Necessary in the case we want to revoke texting permission to a third party by "text STOP to end".
*** Necessary not to engage in an inadvertent Abbot and Costello routine.
**** Necessary because every once in a while a 2FA system will barf on texting VOIP numbers, and only successfully get through with automated voice call 2FA. Also it would be nice for one of our other use cases – the "get Siderea's doctor's office to call back and make sure a human answers no matter when they do" use case – for there to be one number that rings through to both of us. But also necessary that we can schedule it not to ring when one or the other of us are asleep, while still ringing through to the other. I need to be able to 2FA at 2:00 A.M. and Mr. B very much needs my doing so not to cause his phone to ring.
***** Maybe not strictly necessary, but there's a lot of systems that react poorly, or at least with more scrutiny, to customer calls about accounts other than the ones associated with the number the call is coming from. It would be better if we just only ever called NStar from the number they have on record for us, but that means we need to be able to originate voice calls from the same number we'll be using with them for security purposes.
Edit: I'm really hoping for a non-Google, commercial solution.
(no subject)
Date: 2026-03-03 12:12 pm (UTC)I managed all the household accounts when I was married and I still help my ex with his stuff. I am used to impersonating him on line all the time.
It's quite annoying when I have to get him to read me the PIN the security system texted him.
One option is that often the programs let you do the 2F through an email instead of texting and I use that when I can.
But I have never tried the approach you are wanting to find. I wish you the best of luck.
(no subject)
Date: 2026-03-03 12:17 pm (UTC)This is a legacy GV account and I don't know if it would still work for a new user, but worth checking.
(no subject)
Date: 2026-03-03 12:21 pm (UTC)I cannot imagine any government or banking or health system being cleared to allow shared accounts with 2FA because it goes against every security principle we're trying to implement.
Your solution - forwarding the text - is a good work around. I regularly get texts from my kids asking for a PIN because I'm their backup for 2FA, and it's trivial to send it over.
For elderly and minors, it's usually a delegated account where the Responsible Adult has the PIN code and the delegated account has limited viewing/actions and triggers a release request to the adult to approve an action - same thing I used to do with joint accounts where the bank required multiple approvals for large transactions.
I'd suggest you get a cheap burner phone that you can physically trade off between you for the 2FA codes for shared accounts if it's more about the annoyance of not being in the same physical space often.
Your question is both very reasonable and makes me break out in hives thinking about the security risk!
(no subject)
Date: 2026-03-03 12:48 pm (UTC)We thought we did. When we applied, we both had to do the whole application packet individually. And to be clear, we each have our own login on the bank website to access our joint accounts.
It's just that his user account doesn't have access to all the functions of the bank account, so some things only I can do.
Unless I let him have my username and password and login as me.
You see the problem.
> We use groups containing several users to access resources over a shared account because then I can grant access to the group but still see when an action was taken by user X specifically.
That is the correct solution, and so far the only org we do business with that gets this right is, for some reason, T-Mobile.
> For elderly and minors, it's usually a delegated account where the Responsible Adult
Stop right there. That's the problem, not the solution: the Responsible Adult, singular. As if a minor only has one parent, as if an elder only has one child.
> Your question is both very reasonable and makes me break out in hives thinking about the security risk!
Please feel free to suggest the gospel to fellow security personnel that having multiple user accounts per what I will refer to as asset accounts should be the default assumption. This idea of one user account to one bank account is bonkers, and leads to sharing of login credentials. Don't want people to share login credentials? Don't make them. Build systems to support multi-user accounts in the first place.
(no subject)
Date: 2026-03-05 02:59 pm (UTC)"It's just that his user account doesn't have access to all the functions of the bank account, so some things only I can do."
I would query that with the bank. Certainly, with the joint bank account that Jane and I have we both have equal access to everything.
(no subject)
Date: 2026-03-05 07:49 pm (UTC)(no subject)
Date: 2026-03-05 12:59 am (UTC)The main desktop computer in the house "knows" the logins for all three, so there's not much actual separation, but we generally pay joint bills from the joint account, and each of us transfers money into it when necessary to cover that.
For our joint subscriptions, I created a "subscriptions@" account that actually subscribes to the online versions of journals, and forwards to both of our individual e-mail accounts. Which works for sites that send a one-time password; in the rare cases that somebody insists on getting an e-mail _from the subscribed account_, it's more of a pain but possible.
(no subject)
Date: 2026-03-03 12:28 pm (UTC)In my family, we deal with my Dad (who doesn't even have a cell phone anymore) by just having the 2FA go to my sister's phone, and she calls him with the code if needed. Which isn't too often, thank goodness. But yeah, that's a pain too.
(no subject)
Date: 2026-03-03 01:07 pm (UTC)(no subject)
Date: 2026-03-03 12:37 pm (UTC)It's a pain when SMS/phone call is the only accepted MFA. (Some of the banking apps here will also accept verifying yourself on the mobile banking app as giving access to the web banking, but then presumably you'd have the issue of only one of you having the mobile app!)
I'm afraid I'm unlikely to be much help with phone providers - but good luck!
(no subject)
Date: 2026-03-04 12:30 am (UTC)Like I said in the original post, that's what we have however "We subsequently discovered that he can't access the statements and tax documents in our nominally-joint bank account's online portal".
(no subject)
Date: 2026-03-05 07:17 pm (UTC)But as my parents recently discovered, many UK banks and credit cards still treat one of you as primary and the other as secondary rather than true equals when it comes to things like 2FA and phone app notifications or seeing full transaction history or certain documents.
(no subject)
Date: 2026-03-03 12:56 pm (UTC)(no subject)
Date: 2026-03-04 12:30 am (UTC)(no subject)
Date: 2026-03-04 03:34 am (UTC)https://support.google.com/voice/answer/11420769
(no subject)
Date: 2026-03-03 01:26 pm (UTC)In the UK, you can have joint bank accounts where both (and I think up to four) people have equal access to everything. There are also other options for third party access intended for eg. people out of the country for ages / elderly relatives / people who can't make their own financial decisions. Is it possible your problem is a failure on the bank's part to set the account up properly? Or is it a your current bank problem and the fix is trying a different bank that knows how to set up joint accounts properly? I get that that's maybe too obvious but seems worth checking before getting into safe enough workarounds for 2FA.
(no subject)
Date: 2026-03-04 12:32 am (UTC)Ah, that's an interesting possibility, thanks for mentioning.
> So the solution to that may be you each have your own credit cards.
....of course we already have our own credit cards. Why would you think we didn't? There's no sense that is a solution to the problem.
(no subject)
Date: 2026-03-03 02:36 pm (UTC)Some imperfect workarounds I've found in my situations:
- Some banks if you can't do two factor will allow personal verification questions. You usually have to bypass the text option by saying it didn't work.
- One bank has allowed two phone numbers. One has to fail first then you can choose a backup/secondary method.
- Some non-SMS two-factor authentication can be set up through 1Password manager which does allow shared accounts.
(no subject)
Date: 2026-03-04 12:34 am (UTC)I just discovered one credit card company nominally allows two phone numbers, but when we attempted to add my phone number to the account, it threw an error saying my perfectly ordinary American cell phone number which I have had for more than 20 years was invalid as a phone number.
Le sigh.
(no subject)
Date: 2026-03-03 02:43 pm (UTC)No, for me the annoyance is if it goes to my phone, because I don't leave my phone on at home. (We have a landline and use that for most calls. I find it much less uncomfortable physically.) I have to rush to another room, fetch the phone and wait for it to turn on. So I always take the e-mail option if they offer it.
I was sole administrator when my mother became ill, because one sibling wasn't reliable and the other far away. But it wasn't a problem. But this was 12 years ago. She didn't even have a cell phone, though I did.
(no subject)
Date: 2026-03-04 12:44 am (UTC)The annoyance is one thing, but there's the other issue of "one is none and two is one": what if something happens to the other person or their cell phone? Not a made-up example: a couple years ago, I had a business credit card cancelled out from under me (when PayPal abruptly exited the business credit card market), and the first I knew of it was my business phone service turning off, leaving me in the situation of needing to log into my phone company website to find out why the charge didn't go through but needing a phone to 2FA in to my account. Fortunately, I didn't use my business phone to be my 2FA number, so getting in wasn't a trouble, but it could have been quite exciting. Now imagine the customer service call, "I need to get into my spouse's account, but he's unconscious in an ICU from the same car accident that destroyed his cell phone. Trust me, I'm his wife."
Also divorce and abuse are things that happen, and this is all a set up for one family member to have a scary amount of control over others. It was fine in your eldercare situation, but I'm sure you could imagine one in which a malevolent sibling gets control of the elder's bank accounts and nobody else can see what they're up to in there.
(no subject)
Date: 2026-03-03 02:54 pm (UTC)(no subject)
Date: 2026-03-03 07:50 pm (UTC)And this is in spite of our using a shared password manager with a bucket for joint credentials.
Our credit union has finally sorted this out, and Vanguard has mostly done the right thing – but in both cases as you observe there's one or two things only the "primary" can do.
Our joint credit card totally bungles it, and I have a login that covers two cards, one joint, one not, so I can't share it.
(no subject)
Date: 2026-03-03 03:16 pm (UTC)(no subject)
Date: 2026-03-04 12:47 am (UTC)(no subject)
Date: 2026-03-03 03:16 pm (UTC)(no subject)
Date: 2026-03-03 04:32 pm (UTC)Best of luck to you.
(no subject)
Date: 2026-03-03 06:44 pm (UTC)This is very aggravating and I would love a solution too. Utilities, too -- our Verizon account seems to be in this state where it's his name but my email address but his phone number, presumably because we've both had to initiate service calls but they only have one slot for each, so any interaction might require both of us depending on what they send, and I'm like... you're selling household FiOS; why in the world would you think there's only one adult here?? Drives me mad.
Far from a complete solution, but I recently learned that the Proton 2FA app also runs on a Mac desktop, so for 2FA that uses an app rather than SMS, maybe that helps? It's a thimble bailing out the ocean, I know.
(no subject)
Date: 2026-03-03 08:47 pm (UTC)(no subject)
Date: 2026-03-04 12:48 am (UTC)(no subject)
Date: 2026-03-04 04:45 am (UTC)Bother. A pay-as-you-go SIM in the UK is not ridiculously expensive; I know telephony there is a whole other universe of labyrinthine bureaucracy, though.
(no subject)
Date: 2026-03-04 07:30 am (UTC)This is starting to hauntingly remind me of that copy pasta about feeding shelter cats to coyotes.
ETA: I am nostalgic for being able to buy a low-end Android device for 20 bucks.
(no subject)
Date: 2026-03-10 07:41 pm (UTC)Can one still get a phone that uses physical SIM cards, and/or does a phone that uses e-SIMs support more than one? I know that people sometimes buy local SIMs when traveling, so it feels like there must be some affordance, but I'm out of the loop.
The reason I ask is that if you only need it for 2FA things that you initiate, maybe it's possible to swap in the SIM you need only when you need it?
(no subject)
Date: 2026-03-04 06:38 pm (UTC)I believe that Ally Bank and Fidelity (the only two financial places I've had joint accounts at) allow all the people on a joint account to access that account with their own user login. The Fidelity system has, at least in the past, worked fine for a small organization that changes officers up to annually - after the officer change paperwork goes in, the old officers no longer see the organization's accounts, and the new officers see it. But it is possible that maybe we haven't stress tested doing the full range of management activities from all accounts and so might not have detected that one user got more admin privileges.
(no subject)
Date: 2026-03-05 04:10 am (UTC)Alas, joint account under discussion is with one of those two financial institutions.
(no subject)
Date: 2026-03-06 06:17 pm (UTC)We use a voip solution (voip.ms specifically) to handle texts and a shared password manager that will do an authenticator when they don't need a phone number (bitwarden is specifically what we're using) but there are still edge cases where it doesn't work and we have to coordinate by handing each other a phone. Banks are really random about what they can and will text, apparently.
(no subject)
Date: 2026-03-07 11:53 pm (UTC)Wait. Wait. Back up. I just checked out this voip.ms thing and it sounds... ideal? Is it not? Do you only use it for SMS and not voice? Have you used the softphone app, and if so, do you like it? How long have you had it and have you had to deal with their customer service, and if so how was it?
What kinds of edge case don't work with it?