Why avoid shared user accounts?
I know it's best practice not to allow shared user accounts, but where is this best practice defined? Is it an ISO standard or something? What are the reasons to always create per-person accounts?
access-control user-management
asked 21 hours ago by Steve Venton, edited 18 hours ago by Anders
7
Auditing is the main argument.
– ThoriumBR
21 hours ago
6 Answers
Alice and Eve work for Bob. Alice is a very good worker who does exactly what Bob asks her to do. Eve is a criminal mastermind hell-bent on destroying Bob's company.
Alice and Eve both share the same account.
Eve logs into the account and uses it to sabotage an important business process. The audit log captures this action.
How does Bob know who sabotaged his company? He has to get rid of the bad actor, but can't fire both of them, because his company depends on the work that they do. He could fire just one, but he has no way of knowing which one is his friend and which one is his enemy.
If Alice and Eve had separate accounts, Bob could be sure that Eve was the one who did the sabotage. Eve might even avoid doing the sabotage, if she knows her account will be audited and she will be caught.
EDIT: Adding from comments:
If Eve quits, you now need to reset the password on every account she had access to, rather than just disabling her personal accounts. This is much harder to manage, and you will miss accounts.
Additionally, it removes your ability to have granular control over access. If Alice should be writing checks, and Eve should be signing them, you essentially have no technological way to enforce that if they share the same account.
15
+1 Except that Eve, being a criminal mastermind, would have hacked into Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
32
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
7
Shared accounts also make it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
9
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
answered 21 hours ago by Adonalsium, edited 15 hours ago
You should use separate accounts in all contexts (security on top).
Adonalsium's example shows you why it's required.
There are some rare situations where it is "not possible" or "not useful" ...
Examples:
- "not possible" (legacy protocols/applications)
- "not relevant" (anonymous actions)
If it is not possible, but you still need to identify users, you have to mitigate the risk by adding as much source information as possible (e.g. connection info, connection time, etc.).
You can check the ISO 27001 Risk Assessment Methodology and ISO 31000 Risk Management as a starting point to answer your question "Why avoid shared user accounts?"
answered 20 hours ago by WaltZie
The typical answer is accountability, traceability, etc.; in other words, to be able to know exactly who did what.
A shared account has n potential people doing something but all that you have points to one account doing that thing.
This problem is usually lifted by making sure someone is legally responsible for the activities of this account. This may or may not be feasible, and you may not have someone taking responsibility for the actions of others.
This problem often occurs when you outsource some monitoring activities - the account which does the monitoring tasks should be contractually in charge of that company, which is responsible for its actions.
If you cannot assign a responsible person, it is then up to management to make a decision based on the risk: not having a service vs. not knowing who does what with that account.
answered 19 hours ago by WoJ
I only know one exception to that rule. There is one single machine that is shared by several users, and the following assertions are all true:
- one and only one of those users is in charge of this machine at any moment
- the account can only be used on the local machine - disabled via network
This may happen on 7/7 24/24 systems. In that use case, you still keep an acceptable imputability by knowing the user that was present at a specific moment, provided you could set the above second rule. But in fact, it is equivalent to having an account with no password, and only using physical security.
answered 6 hours ago by Serge Ballesta
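An added example (Python, written for this page and not taken from any of the answers above) that puts WaltZie's mitigation and Serge Ballesta's exception side by side: a personal account is attributed to its owner directly, while an event from a shared account can only be attributed through the extra context the two answers mention (a roster saying who was in charge at that moment, and a policy restricting where the account may be used), and anything that still cannot be pinned to one person is flagged for investigation. The people, accounts, shifts and audit events are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    """One audit-log record: when, which account, from where, what."""
    ts: datetime
    account: str
    source: str   # "console" for the local keyboard, otherwise a client IP
    action: str


@dataclass(frozen=True)
class Shift:
    """Who is in charge of the shared machine during [start, end)."""
    person: str
    start: datetime
    end: datetime


# Constructed inventory. A personal account maps to exactly one person.
PERSONAL_ACCOUNTS = {"alice": "Alice", "eve": "Eve"}

# A shared account is only attributable if policy restricts where it may be
# used (here: the local console only) and a shift roster says who was there.
SHARED_ACCOUNTS = {"ops-console": {"allowed_sources": {"console"}}}


def on_shift(shifts: List[Shift], ts: datetime) -> List[str]:
    """Everyone whose shift covers the timestamp (may be 0, 1 or more people)."""
    return [s.person for s in shifts if s.start <= ts < s.end]


def attribute(event: Event, shifts: List[Shift]) -> Tuple[Optional[str], str]:
    """Return (person or None, reason). None means the event cannot be
    pinned to one individual and needs a human investigation."""
    if event.account in PERSONAL_ACCOUNTS:
        return PERSONAL_ACCOUNTS[event.account], "personal account"
    policy = SHARED_ACCOUNTS.get(event.account)
    if policy is None:
        return None, "unknown account"
    if event.source not in policy["allowed_sources"]:
        # Used from somewhere the policy forbids: the roster no longer tells
        # us anything, because whoever holds the password could be anywhere.
        return None, f"shared account used from disallowed source {event.source}"
    people = on_shift(shifts, event.ts)
    if len(people) == 1:
        return people[0], "shared account, single person on shift"
    if not people:
        return None, "shared account, nobody on shift"
    return None, "shared account, ambiguous between " + ", ".join(people)


def run_example() -> List[Tuple[str, Optional[str], str]]:
    """Attribute a constructed day of events; returns (action, person, reason)."""
    def d(h, m):
        return datetime(2019, 3, 1, h, m)

    shifts = [Shift("Alice", d(8, 0), d(16, 0)),
              Shift("Eve", d(15, 30), d(23, 30))]   # 30-minute handover overlap
    events = [
        Event(d(9, 0), "alice", "10.0.0.5", "export customer list"),
        Event(d(15, 45), "ops-console", "console", "delete batch job"),
        Event(d(17, 0), "ops-console", "console", "delete batch job"),
        Event(d(17, 10), "ops-console", "10.0.0.9", "change firewall rule"),
        Event(d(3, 0), "ops-console", "console", "read payroll table"),
    ]
    return [(e.action,) + attribute(e, shifts) for e in events]


if __name__ == "__main__":
    for action, person, reason in run_example():
        print(f"{action:22s} -> {person or 'UNATTRIBUTED':12s} ({reason})")
```

The handover overlap and the off-console login show why the exception only holds under Serge Ballesta's two conditions: the moment two people are on shift, or the account can be used remotely, the log alone no longer identifies anyone.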
Best practices are nowhere "defined", that's what the term means. A best practice is simply an established way of doing things that most people think is the best way.
It goes the other way around. Once a "best practice" is dominant, usually someone on a standards board decides to put it into some ISO or other norm. It then rests there, usually without explicit reasoning, or a circular reasoning pointing out that this is best practice.
The reasons for this particular practice are likewise practical ones. If Alice and Bob share an account and something bad happens, they will both point to the other person and you have no way of figuring out who did it. With personal accounts, they'll claim it was compromised, but then you at least have a single point to investigate further.
There are also explicit requirements for accountability in many sub-fields such as compliance, and they play into this.
The easiest way to do that is add 'social sign on' instead of traditional username/password system. So now users need to log in with their social accounts like Facebook, LinkedIn or Google and people rarely share their social account credentials with others! This will reduce account sharing by over 90%.
7
OP is asking why to avoid account sharing not how, so this doesn't provide an answer to the question. Although if it did, I would probably want some source on where that 90% number came from.
– DasBeasto
16 hours ago
7
Why would you want to tie your personal social accounts to your work? Don't like privacy (or even its illusion) anymore?
– Xen2050
11 hours ago
2
These are business accounts, not personal accounts. Besides which, I'd not want Google or Facebook to have access to my business accounts. We have company internal LDAP servers for a reason. Heck, most of our customers would cancel their contracts instantly if we used things like Facebook accounts for our company network, as they don't want any information to potentially be stored on servers in another country, not even usernames.
– jwenting
5 hours ago
2
This is terrifying. Please rethink through what you're recommending and how badly it could go.
– Criggie
3 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Steve Venton is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204249%2fwhy-avoid-shared-user-accounts%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
Alice and Eve work for Bob. Alice is a very good worker who does exactly what Bob asks her to do. Eve is a criminal mastermind hell-bent on destroying Bob's company.
Alice and Eve both share the same account.
Eve logs into the account and uses it to sabotage an important business process. The audit log captures this action.
How does Bob know who sabotaged his company? He has to get rid of the bad actor, but can't fire both of them, because his company depends on the work that they do. He could fire just one, but he has no way of knowing which one is his friend and which one is his enemy.
If Alice and Eve had separate accounts, Bob could be sure that Eve was the one who did the sabotage. Eve might even avoid doing the sabotage, if she knows her account will be audited and she will be caught.
EDIT: Adding from comments:
If Eve quits, you now need to reset the password on every account she had access to, rather than just disabling her personal accounts. This is much harder to manage, and you will miss accounts.
Additionally, it removes your ability to have granular control over access. If Alice should be writing checks, and Eve should be signing them, you essentially have no technological way to enforce that if they share the same account.
15
+1 Except that Eve, being a criminal mastermind, would have hacked in to Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
32
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
7
Shared accounts also makes it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
9
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
|
show 3 more comments
Alice and Eve work for Bob. Alice is a very good worker who does exactly what Bob asks her to do. Eve is a criminal mastermind hell-bent on destroying Bob's company.
Alice and Eve both share the same account.
Eve logs into the account and uses it to sabotage an important business process. The audit log captures this action.
How does Bob know who sabotaged his company? He has to get rid of the bad actor, but can't fire both of them, because his company depends on the work that they do. He could fire just one, but he has no way of knowing which one is his friend and which one is his enemy.
If Alice and Eve had separate accounts, Bob could be sure that Eve was the one who did the sabotage. Eve might even avoid doing the sabotage, if she knows her account will be audited and she will be caught.
EDIT: Adding from comments:
If Eve quits, you now need to reset the password on every account she had access to, rather than just disabling her personal accounts. This is much harder to manage, and you will miss accounts.
Additionally, it removes your ability to have granular control over access. If Alice should be writing checks, and Eve should be signing them, you essentially have no technological way to enforce that if they share the same account.
15
+1 Except that Eve, being a criminal mastermind, would have hacked in to Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
32
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
7
Shared accounts also makes it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
9
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
|
show 3 more comments
Alice and Eve work for Bob. Alice is a very good worker who does exactly what Bob asks her to do. Eve is a criminal mastermind hell-bent on destroying Bob's company.
Alice and Eve both share the same account.
Eve logs into the account and uses it to sabotage an important business process. The audit log captures this action.
How does Bob know who sabotaged his company? He has to get rid of the bad actor, but can't fire both of them, because his company depends on the work that they do. He could fire just one, but he has no way of knowing which one is his friend and which one is his enemy.
If Alice and Eve had separate accounts, Bob could be sure that Eve was the one who did the sabotage. Eve might even avoid doing the sabotage, if she knows her account will be audited and she will be caught.
EDIT: Adding from comments:
If Eve quits, you now need to reset the password on every account she had access to, rather than just disabling her personal accounts. This is much harder to manage, and you will miss accounts.
Additionally, it removes your ability to have granular control over access. If Alice should be writing checks, and Eve should be signing them, you essentially have no technological way to enforce that if they share the same account.
Alice and Eve work for Bob. Alice is a very good worker who does exactly what Bob asks her to do. Eve is a criminal mastermind hell-bent on destroying Bob's company.
Alice and Eve both share the same account.
Eve logs into the account and uses it to sabotage an important business process. The audit log captures this action.
How does Bob know who sabotaged his company? He has to get rid of the bad actor, but can't fire both of them, because his company depends on the work that they do. He could fire just one, but he has no way of knowing which one is his friend and which one is his enemy.
If Alice and Eve had separate accounts, Bob could be sure that Eve was the one who did the sabotage. Eve might even avoid doing the sabotage, if she knows her account will be audited and she will be caught.
EDIT: Adding from comments:
If Eve quits, you now need to reset the password on every account she had access to, rather than just disabling her personal accounts. This is much harder to manage, and you will miss accounts.
Additionally, it removes your ability to have granular control over access. If Alice should be writing checks, and Eve should be signing them, you essentially have no technological way to enforce that if they share the same account.
edited 15 hours ago
answered 21 hours ago
AdonalsiumAdonalsium
2,761719
2,761719
15
+1 Except that Eve, being a criminal mastermind, would have hacked in to Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
32
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
7
Shared accounts also makes it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
9
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
|
show 3 more comments
15
+1 Except that Eve, being a criminal mastermind, would have hacked in to Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
32
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
7
Shared accounts also makes it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
9
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
15
15
+1 Except that Eve, being a criminal mastermind, would have hacked in to Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
+1 Except that Eve, being a criminal mastermind, would have hacked in to Bob's account so he would have had to fire himself :-)
– TripeHound
20 hours ago
32
32
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
A more common situation: Eve quits or gets fired. Now you have to change the credentials for everything Eve was using (assuming you know that), you can't just disable Eve's account(s).
– JimmyJames
20 hours ago
7
7
Shared accounts also makes it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Shared accounts also makes it much harder to detect when a bad actor has gained access to an account they should have access to.
– JimmyJames
20 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
Added to body. I didn't add the part about account compromise because I think that applies to all accounts. If I'm misthinking that please let me know and I'll throw it in.
– Adonalsium
19 hours ago
9
9
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
Even if Eve isn't out to sabotage the company, Alice and Eve's sharing an account also means that Bob can't give Alice additional permissions without also giving them to Eve. If Alice is promoted and now has access to data X, Eve gets it, too.
– minnmass
17 hours ago
|
show 3 more comments
You should use separated account in all contexts (security on the top).
Adonalsium example show you because it's required.
There are some rare situations where it is "not possible" or "not usefull" ...
Examples:
"not possible" (legacy protocols/applications)
"no relevant" (anonymous actions)
If it is no possible, but you need to identify, you have to mitigate the risk adding more source informations as possible (e.g. connection info, connection time, etc ...)
You can check ISO 27001 Risk Assessment Methodology, ISO 31000 Risk management as starting point to answer to your question "Why avoid shared user accounts?"
New contributor
add a comment |
You should use separated account in all contexts (security on the top).
Adonalsium example show you because it's required.
There are some rare situations where it is "not possible" or "not usefull" ...
Examples:
"not possible" (legacy protocols/applications)
"no relevant" (anonymous actions)
If it is no possible, but you need to identify, you have to mitigate the risk adding more source informations as possible (e.g. connection info, connection time, etc ...)
You can check ISO 27001 Risk Assessment Methodology, ISO 31000 Risk management as starting point to answer to your question "Why avoid shared user accounts?"
New contributor
add a comment |
You should use separated account in all contexts (security on the top).
Adonalsium example show you because it's required.
There are some rare situations where it is "not possible" or "not usefull" ...
Examples:
"not possible" (legacy protocols/applications)
"no relevant" (anonymous actions)
If it is no possible, but you need to identify, you have to mitigate the risk adding more source informations as possible (e.g. connection info, connection time, etc ...)
You can check ISO 27001 Risk Assessment Methodology, ISO 31000 Risk management as starting point to answer to your question "Why avoid shared user accounts?"
New contributor
You should use separated account in all contexts (security on the top).
Adonalsium example show you because it's required.
There are some rare situations where it is "not possible" or "not usefull" ...
Examples:
"not possible" (legacy protocols/applications)
"no relevant" (anonymous actions)
If it is no possible, but you need to identify, you have to mitigate the risk adding more source informations as possible (e.g. connection info, connection time, etc ...)
You can check ISO 27001 Risk Assessment Methodology, ISO 31000 Risk management as starting point to answer to your question "Why avoid shared user accounts?"
New contributor
New contributor
answered 20 hours ago
WaltZieWaltZie
1011
1011
New contributor
New contributor
add a comment |
add a comment |
The typical answer is accountability, traceability, etc; In other words to be able to know who exactly did what.
A shared account has n potential people doing something but all that you have points to one account doing that thing.
This problem is usually lifted by making sure someone is legally responsible for the activities of this account. This may or may not be feasible, and you may not have someone taking responsibility for the actions of others.
This problem often occurs when you outsource some monitoring activities - the account which does the monitoring tasks should be contractually in charge of that company, which is responsible for its actions.
If you cannot assign a responsible person, it is then up to management to make a decision based on the risk: not having a service vs. not knowing who does what with that account.
add a comment |
The typical answer is accountability, traceability, etc; In other words to be able to know who exactly did what.
A shared account has n potential people doing something but all that you have points to one account doing that thing.
This problem is usually lifted by making sure someone is legally responsible for the activities of this account. This may or may not be feasible, and you may not have someone taking responsibility for the actions of others.
This problem often occurs when you outsource some monitoring activities - the account which does the monitoring tasks should be contractually in charge of that company, which is responsible for its actions.
If you cannot assign a responsible person, it is then up to management to make a decision based on the risk: not having a service vs. not knowing who does what with that account.
add a comment |
The typical answer is accountability, traceability, etc; In other words to be able to know who exactly did what.
A shared account has n potential people doing something but all that you have points to one account doing that thing.
This problem is usually lifted by making sure someone is legally responsible for the activities of this account. This may or may not be feasible, and you may not have someone taking responsibility for the actions of others.
This problem often occurs when you outsource some monitoring activities - the account which does the monitoring tasks should be contractually in charge of that company, which is responsible for its actions.
If you cannot assign a responsible person, it is then up to management to make a decision based on the risk: not having a service vs. not knowing who does what with that account.
The typical answer is accountability, traceability, etc; In other words to be able to know who exactly did what.
A shared account has n potential people doing something but all that you have points to one account doing that thing.
This problem is usually lifted by making sure someone is legally responsible for the activities of this account. This may or may not be feasible, and you may not have someone taking responsibility for the actions of others.
This problem often occurs when you outsource some monitoring activities - the account which does the monitoring tasks should be contractually in charge of that company, which is responsible for its actions.
If you cannot assign a responsible person, it is then up to management to make a decision based on the risk: not having a service vs. not knowing who does what with that account.
answered 19 hours ago
WoJWoJ
7,04712544
7,04712544
add a comment |
add a comment |
I only know one exception to that rule. There is one single machine that is shared by several users, and the following assertions are all true:
- one and only one of those users is in charge of this machine at any moment
- the account can only be used on the local machine - disabled via network
This may happen on 7/7 24/24 systems. In that use case, you still keep an acceptable imputability by knowing the user that was present at a specific moment, provided you could set the above second rule. But in fact, it is equivalent at having an account with no password, and only using physical security.
add a comment |
I only know one exception to that rule. There is one single machine that is shared by several users, and the following assertions are all true:
- one and only one of those users is in charge of this machine at any moment
- the account can only be used on the local machine - disabled via network
This may happen on 7/7 24/24 systems. In that use case, you still keep an acceptable imputability by knowing the user that was present at a specific moment, provided you could set the above second rule. But in fact, it is equivalent at having an account with no password, and only using physical security.
add a comment |
I only know one exception to that rule. There is one single machine that is shared by several users, and the following assertions are all true:
- one and only one of those users is in charge of this machine at any moment
- the account can only be used on the local machine - disabled via network
This may happen on 7/7 24/24 systems. In that use case, you still keep an acceptable imputability by knowing the user that was present at a specific moment, provided you could set the above second rule. But in fact, it is equivalent at having an account with no password, and only using physical security.
I only know one exception to that rule. There is one single machine that is shared by several users, and the following assertions are all true:
- one and only one of those users is in charge of this machine at any moment
- the account can only be used on the local machine - disabled via network
This may happen on 7/7 24/24 systems. In that use case, you still keep an acceptable imputability by knowing the user that was present at a specific moment, provided you could set the above second rule. But in fact, it is equivalent at having an account with no password, and only using physical security.
answered 6 hours ago
Serge Ballesta
16.8k32661
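As an added example (not part of the answer above), a small Python check that the second condition is actually enforced on a Linux host: sshd refuses the shared account (DenyUsers, a real sshd_config directive) and pam_access denies it from any origin other than the local console ("ALL EXCEPT LOCAL" in /etc/security/access.conf). The account name opsconsole, the config fragments and the network address are constructed for the example; the pam_access evaluation is a simplified model of the real module (exact matches plus the ALL and LOCAL keywords only).

```python
"""
Added example, not from the original answer: verify that a shared,
console-only account is blocked from network logins at both the sshd and
the PAM layer. Account name, config fragments and addresses are constructed.
"""


def parse_sshd_denied_users(config_text):
    """Return the users named on DenyUsers lines of an sshd_config fragment."""
    denied = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if parts and parts[0].lower() == "denyusers":
            denied.update(parts[1:])
    return denied


def parse_access_conf(conf_text):
    """Parse pam_access rules into (permission, users, origins) tuples."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            continue
        rules.append((fields[0], fields[1].split(), fields[2].split()))
    return rules


def _item_matches(item, value):
    # ALL matches anything; LOCAL matches only the literal local (tty) origin;
    # anything else is an exact match (user name, host name or address).
    return item == "ALL" or item == value


def _list_matches(items, value):
    """Evaluate a pam_access list, honouring the 'A B EXCEPT C D' form."""
    if "EXCEPT" in items:
        idx = items.index("EXCEPT")
        include, exclude = items[:idx], items[idx + 1:]
    else:
        include, exclude = items, []
    return any(_item_matches(i, value) for i in include) and not any(
        _item_matches(e, value) for e in exclude)


def pam_access_decision(rules, user, origin):
    """First matching rule wins; pam_access permits when no rule matches."""
    for perm, users, origins in rules:
        if _list_matches(users, user) and _list_matches(origins, origin):
            return perm
    return "+"


def console_only_check(user, sshd_config, access_conf, network_origin="10.0.0.5"):
    """Report whether `user` can only log in from the local console."""
    ssh_denied = user in parse_sshd_denied_users(sshd_config)
    rules = parse_access_conf(access_conf)
    local_ok = pam_access_decision(rules, user, "LOCAL") == "+"
    network_denied = pam_access_decision(rules, user, network_origin) == "-"
    return {
        "ssh_denied": ssh_denied,
        "pam_allows_local": local_ok,
        "pam_denies_network": network_denied,
        # both layers must agree: sshd refuses the user, PAM refuses remote origins
        "console_only": ssh_denied and local_ok and network_denied,
    }


# Constructed fragments. DenyUsers is a real sshd_config directive; the
# access.conf lines use pam_access's "permission : users : origins" syntax.
HARDENED_SSHD = "Port 22\nPermitRootLogin no\nDenyUsers opsconsole\n"
HARDENED_ACCESS = (
    "# shared console account: local tty only\n"
    "- : opsconsole : ALL EXCEPT LOCAL\n"
    "+ : ALL : ALL\n"
)
WEAK_SSHD = "Port 22\nPermitRootLogin no\n"          # shared account not denied
WEAK_ACCESS = "+ : ALL : ALL\n"                      # no origin restriction

if __name__ == "__main__":
    print("hardened:", console_only_check("opsconsole", HARDENED_SSHD, HARDENED_ACCESS))
    print("weak:    ", console_only_check("opsconsole", WEAK_SSHD, WEAK_ACCESS))
```

The check deliberately requires both layers: DenyUsers alone leaves other network services that authenticate through PAM (telnet, ftp, a remote desktop) untouched, and the pam_access rule alone does nothing on a host whose sshd does not include pam_access in its stack.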
Best practices are nowhere "defined", that's what the term means. A best practice is simply an established way of doing things that most people think is the best way.
It goes the other way around. Once a "best practice" is dominant, usually someone on a standards board decides to put it into some ISO or other norm. It then rests there, usually without explicit reasoning, or a circular reasoning pointing out that this is best practice.
The reasons for this particular practice are likewise practical ones. If Alice and Bob share an account and something bad happens, they will both point to the other person and you have no way of figuring out who did it. With personal accounts, they'll claim it was compromised, but then you at least have a single point to investigate further.
There are also explicit requirements for accountability in many sub-fields such as compliance, and they play into this.
answered 2 hours ago
Tom
5,313831
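To make the "Alice and Bob" point concrete, here is an added Python example that is not part of the answer: it attributes each action in an audit trail to the people who hold the credential of the account that performed it, so a shared account yields a list of suspects where a personal account yields one name. The log lines, account names and the credential registry are constructed.

```python
"""
Added example, not from the original answer: score an audit trail for
accountability. Log lines, accounts and the holder registry are constructed.
"""
import re

# Constructed audit lines in a sudo-like shape: "<timestamp> <account> sudo: COMMAND=<cmd>"
AUDIT_LOG = """\
2019-03-01T09:12:03Z alice  sudo: COMMAND=/usr/bin/systemctl restart nginx
2019-03-01T09:40:17Z ops    sudo: COMMAND=/bin/rm -rf /var/backups
2019-03-01T10:02:55Z bob    sudo: COMMAND=/usr/bin/apt-get upgrade
2019-03-01T10:30:00Z ops    sudo: COMMAND=/usr/bin/passwd dbadmin
"""

# Constructed registry: which people know the credential of each account.
CREDENTIAL_HOLDERS = {
    "alice": {"Alice"},
    "bob": {"Bob"},
    "ops": {"Alice", "Bob", "Carol"},   # the shared account
}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<account>\S+)\s+sudo: COMMAND=(?P<cmd>.+)$")


def parse_audit(text):
    """Turn the raw lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def attribute(events, holders):
    """Attach the set of people who could have performed each event."""
    out = []
    for ev in events:
        suspects = sorted(holders.get(ev["account"], set()))
        out.append({**ev, "suspects": suspects,
                    # exactly one holder means the action can be pinned on a person
                    "attributable": len(suspects) == 1})
    return out


def accountability_report(attributed):
    """Summarise how much of the trail can be tied to a single individual."""
    total = len(attributed)
    pinned = sum(1 for e in attributed if e["attributable"])
    shared = sorted({e["account"] for e in attributed if not e["attributable"]})
    return {"total": total, "attributable": pinned, "unattributable_accounts": shared}


if __name__ == "__main__":
    for ev in attribute(parse_audit(AUDIT_LOG), CREDENTIAL_HOLDERS):
        who = ev["suspects"][0] if ev["attributable"] else "one of " + ", ".join(ev["suspects"])
        print(f'{ev["ts"]} {ev["account"]:<6} {ev["cmd"]:<45} -> {who}')
    print(accountability_report(attribute(parse_audit(AUDIT_LOG), CREDENTIAL_HOLDERS)))
```

The two "ops" entries are exactly the situation the answer describes: the log is complete and correct, and still the most the investigator can say is "one of Alice, Bob, Carol". With the personal accounts the claim "my account was compromised" at least names the account to investigate.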
The easiest way to do that is to add 'social sign-on' instead of a traditional username/password system. So now users need to log in with their social accounts like Facebook (company), LinkedIn (product) or Google (company), and people rarely share their social account credentials with others! This will reduce account sharing by over 90%.
7
OP is asking why to avoid account sharing not how, so this doesn't provide an answer to the question. Although if it did, I would probably want some source on where that 90% number came from.
– DasBeasto
16 hours ago
7
Why would you want to tie your personal social accounts to your work? Don't like privacy (or even its illusion) anymore?
– Xen2050
11 hours ago
2
These are business accounts, not personal accounts. Besides which, I'd not want Google or Facebook to have access to my business accounts. We have company internal LDAP servers for a reason. Heck, most of our customers would cancel their contracts instantly if we used things like Facebook accounts for our company network, as they don't want any information to potentially be stored on servers in another country, not even usernames.
– jwenting
5 hours ago
2
This is terrifying. Please rethink through what you're recommending and how badly it could go.
– Criggie
3 hours ago
answered 16 hours ago
drsmith
1
7
Auditing is the main argument.
– ThoriumBR
21 hours ago