Skip to content Skip to main navigation Report an accessibility issue
Information Security

Why Avoid Shared Accounts?


In our interconnected digital world, security is paramount. In keeping with our goal to provide the most secure environment possible we want to discuss why shared accounts pose significant risks within our university systems. Let’s explore the dangers and better alternatives.

A shared account is a single set of login credentials (username and password) used by multiple individuals to access university resources. While it may seem convenient, it comes with serious drawbacks.

The Risks of Shared Accounts:

  1. Lack of Accountability and Traceability
    • When several people share an account, it’s challenging to determine who performed specific actions. Audit logs won’t pinpoint individual responsibility.
    • Individual accounts provide clear accountability. If something goes wrong, we can trace it back to the right person.
  2. Access Management Complexity
    • When someone leaves or changes roles, managing shared account access becomes cumbersome. We must update credentials across all systems.
    • Individual accounts allow fine-tuning access. Professors, students, and staff get precisely what they need.
  3. Security Vulnerabilities
    • Shared accounts increase the risk of social engineering attacks. More users knowing the login details means more potential vulnerabilities.
    • If one person falls victim to phishing, the entire shared account becomes compromised.
  4. Detection Challenges
    • Imagine a shared desktop environment. New files or changes might go unnoticed.
    • Malicious activities are harder to spot when multiple users share an account.

The Better Approach:

  1. Individual User Accounts
    • Each user should have their unique credentials. This ensures clear responsibility.
    • When someone leaves, we can disable their account without affecting others.
  2. Regular Auditing
    • Review access logs periodically to detect anomalies or unauthorized activities.
    • Individual accounts facilitate targeted audits.  
  3. Education and Awareness
    • Educate everyone about the risks of shared accounts.
    • Encourage strong passwords and consider multi-factor authentication.
  4. Role-Based Access Control (RBAC)
    • Assign permissions based on roles (faculty, student, staff, admin).
    • RBAC ensures users access only what’s necessary.

Account sharing might seem convenient, but it comes with significant risks. Let’s prioritize our digital safety by safeguarding our personal information. Remember: Your account, your responsibility. Keep it private, keep it secure!

The flagship campus of the University of Tennessee System and partner in the Tennessee Transfer Pathway.