Happy day,

Our firm has grown a bit and I now employ FT eight people.  It is joyfully terrifying as, like you, we have access to all sorts of client data.  And while I have a security policy and have employees sign all sorts of documents, in the end, it all boils down to trust and ethics. 

A common problem I have is that we have logins to many banks, brokerages, retirement and payroll platforms.  All of them use two-factor authentication, which means that on any given day, my phone or email is hammered with authentication requests.  Its annoying for staff and I, but fine when I am in town. When I am out on...ha ha...vacation...in...ha ha...Ambergris Cay, Belize, I would not be receiving these messages and my practice's ability to serve clients would stall or die.

Not too long ago I changed to a Google Voice account for the 2FA texts and a generic practice email address.  A lot of things became smoother for everyone.  Until I pondered a simple question:  what happens if a disgruntled employee logs in and changes the passwords and 2FA info?  Then what?

And so I figure that someone among this throng has wrestled with this stuff before, and perhaps has a better solution they would be willing to share.