Why generic accounts are bad

May 18, 2016

While I understand the motivation behind requests for generic – or worse – shared accounts for temporary employees, the downside is just too big. Consider…

Accountability

Having individual accounts avoids this scenario:

  • I create a ‘tempuser1’ account (an account name that hackers will try to use to break in, BTW)
  • Mary, who seemed very nice when you hired her, uses this account.
  • Mary’s time at your company ends and we disable the account.
  • A few months later, we re-enable the account for a new temporary user, Jane.
  • Mary, who harbors ill-will for some reason and has been periodically trying this account, finds that it is available again and does Bad Stuff.

How will we be able to tell whether Mary or Jane did the Bad Stuff? The computers don’t know that they’re different people. Computers only know them by ‘tempuser1’.

“You should change the password when you re-enable the account”, you say. I agree, but at that point we’ve essentially created a new account anyway, and if we had done that from the start we would have avoided the above scenario.
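The attribution gap in the scenario above, and the effect of the password change just mentioned, shown as an added Python example (not code from the post): it takes a constructed assignment history, constructed password-reset dates and a few constructed logon records, and for each logon lists everyone who could have held that account's credential at the time. The account names, dates and the key=value log format are assumptions.

```python
from datetime import datetime

# Constructed sample data, not taken from the post: HR's record of who was given
# each account, when each account's password was last reset, and three auth-log
# logon records in a made-up "key=value" format.
ASSIGNMENTS = {
    "tempuser1": [("Mary", "2016-01-04"), ("Jane", "2016-05-02")],  # reused generic account
    "jane.d": [("Jane", "2016-05-02")],                              # individual account
}
PASSWORD_RESETS = {
    "tempuser1": ["2015-12-15"],  # set once; not changed when re-enabled for Jane
    "jane.d": ["2016-05-02"],     # fresh credential for a fresh account
}
LOGONS = [
    "2016-02-10T09:02:11 user=tempuser1 result=success src=10.0.5.21",
    "2016-05-20T23:10:42 user=tempuser1 result=success src=203.0.113.7",
    "2016-05-20T23:12:05 user=jane.d result=success src=10.0.5.40",
]

def _ts(s):
    return datetime.fromisoformat(s)

def possible_actors(account, when, assignments=ASSIGNMENTS, resets=PASSWORD_RESETS):
    """People who could have known the account's credential at time `when`:
    everyone assigned the account after its last password reset and before `when`.
    A logon is attributable to one person only when this set has one member."""
    when = _ts(when)
    last_reset = max((_ts(r) for r in resets.get(account, []) if _ts(r) <= when),
                     default=datetime.min)
    return {person for person, start in assignments.get(account, [])
            if last_reset <= _ts(start) <= when}

def attribute_logons(lines, **kw):
    """Map each logon line to (timestamp, account, sorted list of possible actors)."""
    out = []
    for line in lines:
        stamp, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        out.append((stamp, kv["user"], sorted(possible_actors(kv["user"], stamp, **kw))))
    return out

if __name__ == "__main__":
    for stamp, account, actors in attribute_logons(LOGONS):
        verdict = "attributable" if len(actors) == 1 else "AMBIGUOUS"
        print(f"{stamp} {account:10} {verdict}: {actors}")
    # Changing the password when the account is re-enabled shrinks the set to {'Jane'}:
    rotated = {"tempuser1": ["2015-12-15", "2016-05-02"]}
    print(possible_actors("tempuser1", "2016-05-20T23:10:42", resets=rotated))
```

The second tempuser1 logon comes back as ambiguous between Mary and Jane, while the individual account resolves to one person; only the reset-on-re-enable variant makes the generic account attributable again.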

Identity

If we have ‘tempuser1’ and ‘tempuser2’ and they send email to other staff, their mail will show as being sent from “Temp User1” and “Temp User2” with no indication which human sent the mail.

Shared accounts

Even worse than generic, non-human-identifiable accounts are shared accounts, e.g. ‘Interns’, a single account used by all interns. When one intern leaves, the password should be changed. Now you have to communicate the new password to all of the other people using the Interns account. Blech. A lot of work for absolutely zero upside.