PURPOSE Shared account access creates security and accountability risks if handled poorly. BEST PRACTICES Use approved shared account processes, delegated access, or password vault systems instead of sending passwords in messages. LIMIT ACCESS Only authorized people should have access, and access should be removed when no longer needed. AVOID Do not share passwords casually through email, chat, sticky notes, or spreadsheets. BEST PRACTICE Individual accounts are usually safer and easier to audit than shared accounts.