2-person passwords?

A reader has a password idea:

“This may seem a strange idea, but is it possible to establish passwords that can only be changed by two people and not just one?  This can be done with bank accounts — two signatures required for any activity for the account.  Is there any way to make it possible that changing passwords for websites, email accounts, etc. can be done only by two designated users?   Any advice, suggestions, help will be deeply appreciated.”

The reason bank accounts require two signatures is that they are usually joint accounts. As far as I know, you can’t have joint social media, email, or tech company accounts. (with the exception of kids accounts that require parental approval for actions like purchases.)  If two people are both admins of a Facebook business page, they each log in with their own personal Facebook log-in. This is also the case for administering a website. Each user has their very own login and password.

The online equivalent of requiring two signatures is two-factor authentication. That means that in addition to signing in with your username and password, you must take an additional step. Often that is inputting a code that’s sent to an alternate email address or smartphone. Sometimes it’s approving a request in an app.

If your thought is that requiring two people to approve it makes it more secure, then two-factor authentication takes care of that. I suggest everyone activate two-factor authentication for any account that permits it.

If the concern arises from allowing a particular individual to have access to something like a website, most platforms have administrator accounts that allow you to give limited permissions to post or perform other activities but not to do tasks like changing the passwords.

If, for whatever reason, you have two individuals sharing another type of account, you could set it up that one person has the username and password and the other person the email address or phone number required for confirmation. Although if the issue is that you don’t trust one of the individuals completely, that’s more of a people problem than a tech one.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.