You should never share login credentials to any online account with another person. Many times, it’s possible to set up accounts so that they can be managed by multiple people through delegations to individual accounts. For help with this, check our guide on sharing accounts without sharing passwords.
However, we know that in the campaign context, there are times when this is not possible. If sharing a password is the only option, there are still some ways to do so more securely.
Many password managers allow you to share login credentials from within the manager. (This is true of password managers that are standalone applications, but not of those that are browser-based). This is the best way to share login credentials with multiple users.
The trickiest part of sharing login credentials will be setting up second factor authentication (2FA) on the shared account. This is because the purpose of setting up 2FA on an account is to show that the person signing in is the individual for whom the account was set up. Setting up multiple users with 2FA for a single credential may reduce the security benefits of having 2FA, but it is likely still better than forgoing completely.
When setting up 2FA through an app such as Authy or Duo, you can share the 2FA feature by sharing the QR code that is provided during the setup process. To do this, follow these steps:
- Take a screenshot of the QR code, and print it out.
- Delete the screenshot from your computer, so that it is not vulnerable in case your computer becomes compromised.
- Allow the additional account users to scan the QR code that you printed to set up 2FA on the account through the device's app.
It's a good idea to file this QR code in the same safe place as any backup codes that you have for these accounts. See our Guide to Choosing a Second Factor for more information on choosing an authentication method, and set-up.