Security - Do you use service accounts?

Last updated by Brook Jeynes [SSW] 3 months ago.See history

This rule has been archived
Archived Reason: This rule is now outdated, service accounts are useful but gMSAs and other kinds of secure identities should be used instead - replaced by https://www.ssw.com.au/rules/group-managed-service-account-gmsa

Do you use service accounts for recurring tasks and systems, or do you use user and personal accounts?

As a rule, you should never use a user account for accessing systems, reports, tasks and other long-running applications that do not need human or user interaction to run.

Service accounts provide a security context where the applications run, without the need to worry about their passwords or privileges. If a user changes their password, you will not break anything, because service account password normally does not expire and changing them is never needed.

Also, if the security of a user account is breached, you do not have to worry about any other systems being compromised - that account was not being used to run any applications. Always keep your service accounts passwords safe and complex, and you will never need to worry about it.

We open source. Powered by GitHub