search cancel

Password Sharing and Best Practices for Symantec.Cloud

book

Article ID: 164145

calendar_today

Updated On:

Products

Email Security.cloud Web Security.cloud Advanced Threat Protection Platform

Issue/Introduction

When you need to have multiple users access the portal in order to manage the same account, administrators sometimes choose to share the password for the main account with all of the authorized users in order to save management time. Sharing passwords among multiple users for the same Login/User ID's appears to be very simple, convenient and straightforward.

 

  •         Account gets locked multiple times
  •         Password is changed by one user while others are not notified
  •         There is no way to identify the person who made the change in case all individuals repudiate

Environment

Symantec.Cloud Portal

Cause

Password Sharing among multiple users.

Resolution

Password Sharing is not a good security practice due to various reasons.  It is recommended to create a User ID for every individual that needs to have access to the account.  It will also result in multiple benefits with regards to your overall security posture.  Listed below are just a few examples:

  •         Audit Trails of Individual Users. Non-Repudiation
  •         One user cannot lock everyone out
  •         A secondary Admin can act as a back up and can reset the password for the Primary and/or any other user
  •         Users can be assigned "User Roles" according to their job function as needed
  •         Access can be restricted to the users who no longer need access without affecting other users

 

It is recommended to create a different User ID for each individual user that needs to access your account. By doing this you will be able to better manage the security of your account in general.