It is our responsibility to state that a shared login can pose multiple security risks within your organization and, given these risks, is not generally recommended as a security best practice. That said, we understand that there are times when a shared login is necessary to complete various job tasks or functions. Below are possible solutions that you could choose to implement if this is necessary within your organization:
Solution 1: Use Multi-User 2FA Platforms (Recommended)
Some Two-Factor Authentication (2FA) services allow multiple people to authenticate under a shared account. For example, 1Password allows passwords and generated 2FA tokens to be stored securely and shared within a specified group. Duo Security also allows organizations to configure shared access where multiple users can authenticate using their individual devices, reducing the risks associated with shared credentials. Other services provide this functionality as well, and one may already exist within your organization today.
Solution 2: Assign One Person for 2FA Management
If multi-user 2FA is not available in your organization today, you could designate one person to manage the 2FA token or app. This person would receive the authentication codes and manage all login requests. While not ideal, this method ensures some accountability for who is accessing the account and allows the 2FA codes to be manually monitored.
Note: While none of these recommendations fully mitigate the risks of using shared accounts, they can help ensure a higher level of security when 2FA is implemented in these situations. We must state once more that, ideally, shared accounts should be avoided in favor of more secure alternatives, such as individual accounts with role-based access.