74 votesJames Juran supported this idea ·James Juran commented
I'd like to be able to configure multiple owners for my account. Currently it's limited to one owner per account, and the owner must "give away" ownership to change the owner; it can't be "taken away".
My organization has the following policies:
1. All accounts must be assigned to a single person (no shared accounts)
2. All accounts must have 2FA enabled
3. If any single individual leaves our organization, we must still have full access to all external service accounts, without requiring the cooperation of the person leaving. (i.e. my company needs to be able to turn off my access and fire me, and have everything still work).
The way we've been able to achieve this with most of our external service providers is by having multiple individuals with owner-level access. That way they are all tied to an individual person and can all be 2FA-enabled, and if I get fired there are other owners still around.