It's under your name, therefore it's your issue

Accounts have names for a reason: they are supposed to show an audit trail of who did what and when, as I explain in this article.


Seeing tweets quoting this particular tweet, it seems there is much more to be done to educate users that anything done under a computer account in your name is your responsibility.

In the corporate environments that I have been a part of, prohibition of password sharing is part of the Computer Systems Acceptable Usage Policy. All accounts should be traceable back to the humans attached to them at any point in time. There is also usually a clause that says disciplinary action can be taken against you if you are found to have willingly shared credentials, because it is a security risk to the organisation.

Reading the thread of replies to the tweet, Nadine keeps on digging a hole... Nadine is an MP, so should be even more cautious about credential sharing. With the actual credentials, those they were shared with can read the entire email account if they want to, including anything marked highly confidential.

If an organisation is using a serious email system (i.e. not the POP3 junk included with a domain name or website cPanel setup) then there are things called Shared Mailboxes. Each user has their own username, and is assigned access to the Shared Mailbox. The Shared Mailbox's own account cannot be logged in to directly. You can even set Send As permissions, if you want to 'hide the actual sender behind the mailbox name', but this still logs that Joe Bloggs sent an email using Jane Bloggs's mailbox.
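The attribution difference described above, as an added example that is not part of the original article: Python run over constructed audit records, showing that delegated access names each sender while a shared password leaves only the owner's name in the log. The field names, addresses, timestamps and the sam.smith account are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Field names are modelled on mailbox audit
# logging but are assumptions for this example, not a real export.
EVENTS = [
    # Shared mailbox with delegated access: the actor is a named individual.
    {"time": "2024-01-15T09:02:00", "mailbox": "office@example.org",
     "actor": "joe.bloggs@example.org", "logon": "Delegate",
     "op": "SendAs", "ip": "192.0.2.10"},
    {"time": "2024-01-15T09:40:00", "mailbox": "office@example.org",
     "actor": "sam.smith@example.org", "logon": "Delegate",
     "op": "SendAs", "ip": "192.0.2.11"},
    # Shared password: every action is logged under the owner's name.
    {"time": "2024-01-15T10:00:00", "mailbox": "jane.bloggs@example.org",
     "actor": "jane.bloggs@example.org", "logon": "Owner",
     "op": "Send", "ip": "192.0.2.20"},
    {"time": "2024-01-15T10:05:00", "mailbox": "jane.bloggs@example.org",
     "actor": "jane.bloggs@example.org", "logon": "Owner",
     "op": "Send", "ip": "198.51.100.7"},
]

def senders_by_mailbox(events):
    """Map each mailbox to the distinct accounts recorded as acting on it."""
    seen = defaultdict(set)
    for e in events:
        seen[e["mailbox"]].add(e["actor"])
    return {mailbox: sorted(actors) for mailbox, actors in seen.items()}

def possible_shared_password(events, window=timedelta(minutes=30)):
    """Heuristic: owner logons to one account from different IPs inside
    `window`. The log cannot say who typed the password, only that the
    pattern is worth raising with the account holder."""
    owner_hits = defaultdict(list)
    for e in events:
        if e["logon"] == "Owner":
            when = datetime.fromisoformat(e["time"])
            owner_hits[e["actor"]].append((when, e["ip"]))
    flagged = set()
    for account, hits in owner_hits.items():
        hits.sort()  # chronological order, then compare neighbouring logons
        for (t1, ip1), (t2, ip2) in zip(hits, hits[1:]):
            if ip1 != ip2 and t2 - t1 <= window:
                flagged.add(account)
    return sorted(flagged)

if __name__ == "__main__":
    print(senders_by_mailbox(EVENTS))
    print(possible_shared_password(EVENTS))
```
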

This is only a short little rant about this subject, as it is something that affects anyone working in IT in any size of organisation.
For another set of views on this subject, see the two articles from Troy Hunt below.
The Trouble with Politicians Sharing Passwords
Security Sense: Password Policy Prevents Credential Sharing
