Any decent password manager nowadays allows sharing of 2FA tokens, it's not a technical problem, it's a managerial and staff training problem in non-tech industries. It is simply not enforced enough and there are still too many people who are not aware of the risks and can not be bothered to be inconvenienced.<p>Disclosure: My company is offering a web-based 2FA authenticator (<a href="https://www.daito.io/" rel="nofollow">https://www.daito.io/</a>) that explicitly is for sharing 2FA tokens, but not usernames+passwords, thus eliminating a single point of failure. I regularly have discussions about why and sadly why not people are using 2FA. There are tons of small business & mom+pop shops out there who are at risk.<p>I hope the guidance gets upgraded to a mandatory requirement (as some platforms do) sometime soon.