As hard as it is for me to believe, my oldest child recently turned 18. The age of majority in the US means they are now able to take charge of – and be personally responsible for – much more of their lives than my husband and I have cared for them. This includes online accounts we set up for them with places like government agencies (for passports and ID), Amazon and the like.
With two-factor authentication (2FA) encouraged or required on many sites, what’s the easiest way to transfer control from you to your child while keeping security intact? Here is a general set of steps that depend on Apple operating systems and iCloud Keychain.
Log in to the account first.
Then copy the account information to your child:
Apple operating systems: With passwords stored in your keychain on an iPhone, iPad, or Mac (or synced via iCloud Keychain), you can share the item with your child. This varies by operating system version and version. In the latest versions: in iOS 15/iPad 15, go to Settings > Passwords, find the item and tap the share button; in macOS 12 Monterey, either go to System Preferences > Passwords or Safari > Preferences > Passwords, find the item and click the share button. Use AirDrop or another method to send it to your child.
Third-party password managers: With 1Password or other password managers and with a shared vault enabled, you can copy or move the item to that shared vault. You may also be able to share an item from within the app that can be accessed with a free or paid version of the app your child has installed. (Warning! I strongly advise against using Google Chrome’s password manager, as it doesn’t have the end-to-end device lock protection provided by iCloud Keychain and major third-party password managers.)
Read out loud: You can also literally read the password out loud and have your descendant repeat it for accuracy. (Just like in the old days: read to your child.)
Have your child create an account in the password manager app, including passwords in iOS, iPadOS, or macOS, before proceeding so that they can add a verification code in a next step. But don’t let them log in yet.
Update linked data in the account:
E-mail: If you’ve used an email address under your control to manage their account, it’s time to migrate it. Change the email address. You may need to change both an account login address and an email address used for sending messages (some sites manage these separately). Please wait for all account details to be handed over before they click a link to confirm via email to avoid losing access while still transferring the account.
Phone number: Change the phone number to theirs. They can receive a confirmation call or SMS that they can read or show you, and you can confirm for them immediately.
Mailing address: Update the mailing address if they have moved or are about to move.
Finally, shift second-factor authentication to accounts that require it. If you are on a site that allows multiple 2FA authenticators that can produce a TOTP (time-based one-time password) used for authentication, the next step is to add their authenticator.
Choose to add an authenticator.
Give it a descriptive name when given an option (usually you are).
The site displays a QR code and usually the associated “seed” text (a shared secret) for the token. Your child can use an authentication app (I recommend Authy), a third-party password manager with TOTP support like 1Password, or Apple’s built-in TOTP recognition system. If they have an iPhone or iPad, an authentication or password app will bring up a camera view, or use the Camera app to add to an Apple managed login. If they don’t, you can read the seed code aloud and let them enter it in the correct place. (See below for more information on Apple’s approach.)
The authentication app or component generates a code on your child’s device that you then enter to confirm correct enrollment.
Remove your authenticator and log out.
For sites that don’t allow more than one authenticator, disable 2FA, log out and let your child log in with the account and password (you may want to confirm a new email address via an email link first), then help them sign in to write 2FA if they are not familiar with it.
Apple supports TOTPs – it calls them “verification codes” directly in iOS 15, iPadOS 15 and macOS 12 Monterey and later. In iOS 15/iPadOS 15, you can use the Camera app to point to a QR code and then tap a link on the screen to add the verification code. You can also touch and hold and select a code on a web page or in an email Add verification code. In Monterey, you can Control-click or right-click a QR code on a web page to add it. However, you can only add a verification code to an existing account, so make sure your child has made the account entry early in the process, as mentioned above. (You can read this column for a more detailed explanation of adding verification codes in iOS, iPadOS, and macOS.)
Your kid can now delete any remaining traces of you from their account or keep you there as a “rescue email” or “trusted phone number” or similar if they want a backup in addition to options to restore account access provided by the service.
Ask Mac 911
We’ve put together a list of the most frequently asked questions, along with answers and links to columns: read our super frequently asked questions to see if your question is there. If not, we are always looking for new problems to solve! Email yours to [email protected], including screenshots where appropriate and if you’d like to use your full name. Not every question is answered, we don’t answer email and we can’t provide direct advice to solve problems.