What is Account Sharing?
Account sharing is the practice of sharing personal credentials with multiple users so that they can access the same online service without needing to register. It can happen with personal accounts as well as in the workplace.
What Are Shared Accounts?
When sharing accounts, a user will share their username/email address and password with other users. This allows others to access their account with the service.
Account sharing has become common with certain types of accounts and services. For example, many users will share their social media accounts with family members. Many people also have shared accounts for subscription-based streaming services — Spotify, Netflix, etc. — to save on streaming fees.
In some cases, employees of a company may share their accounts with one another. This is typically done to make it easier to handle access to shared systems. For example, employees may have a shared login to an application that all of them use regularly and that doesn’t hold any information that is sensitive or specific to a particular employee.
The Risks of Shared Accounts
In general, sharing accounts is always a bad idea. It defeats the purpose of usernames and passwords, which is to uniquely identify the user of a system.
The risks of a shared account depend on the application (for example, a shared subscription-based account vs. an enterprise application). Some of the most common risks of shared accounts include:
- Legality: For subscription-based accounts like Netflix or Spotify, account sharing may be illegal and specifically banned by the platform’s terms and conditions. The reason for this is that the company wants to maximize the revenue collected from its streaming service, and shared accounts mean that fewer people are creating their own accounts and paying subscription fees.
- Exposure: If credentials are shared with multiple people, they are likely easy to remember, widely shared, and poorly protected. This increases the risk that the password will be exposed to an unauthorized user, and shared passwords are more difficult to change.
- Abuse: With multiple users on a single account, there is a chance that a single user will take actions that impact them all. For example, a disgruntled employee using an enterprise system with a shared account could delete all of the data stored within the application.
- Auditability: Shared credentials mean that there is no way for an organization to determine which user performed a particular action. This can be troublesome if a rogue employee takes some malicious action or if the organization needs to track users’ actions for regulatory compliance or as part of a forensic investigation.
Sharing accounts — whether personal or professional — is a common but dangerous practice. Even if this activity isn’t explicitly forbidden by an organization or service provider, sharing accounts defeats the purpose of account credentials, which are designed to uniquely identify a user and determine whether they should have access to a service. It’s always more secure to create and use separate accounts rather than sharing a single one.