Hopefully, this is related (spank me if it's not) - why would one use Authy over Google Authenticator (which I currently use)?

Auth has nice features like sync between devices, fingerprint login to open authy (MFA on your MFA), and works well on many platforms. I did read an article on why it was so much better recently, so if you google for it you might find it.

Authy makes life very easy when you change phone. With Google Authenticator you're pretty much stuffed.

timmmay:

 

I don't think taking a photo of that square thing actually works if you photograph it later - I think it's time limited. I've done it with AWS in the past and pretty sure it didn't work. Anyone who does that, please try it out and post the result.

 

Not time limited. The QR code for TOTP is just a seed for the code generation. It doesn't change (unless you re-setup 2FA)

When you setup 2FA, just copy the key (it's a 64 character string) and store it in your shared password safe or whatever.

Then whoever needs it can just add an account in Google Authenticator or Authy using that key rather than a QR code.

Also one thing to remember there is the Authy Desktop app, which I frequently use too. So you don't even need a phone after the account is first setup and you assign an email address. Just login on your desktop and you can copy and paste the 2FA codes.