Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Email account used by multiple people

From: "Miller, Don C." <donm () UIDAHO EDU>
Date: Fri, 12 Mar 2010 09:27:23 -0800
The University of Idaho is very similar to Mark's statement although we
have it as a written policy that passwords may not be shared without
prior permission from our CISO.  Sometimes the most "compelling" reasons
to allow account sharing are political. :(

Don Miller
University of Idaho

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Montague
Sent: Thursday, March 11, 2010 12:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email account used by multiple people


  On March 11, 2010 15:04 , Kenneth Arnold <bkarnold () cbu edu>  wrote:

What is your policy regarding the creation of an email address to be 
shared by several users such that each person has the password to the 
account?  I am not referring to an alias that can distribute email to 
multiple people but an actual account with a password.


What is the business reason being given for the need to share a
password, as opposed to creating the account, not telling anyone the
password, and setting the ACLs for the account so that it can be
accessed by each individual user using their own personal and non-shared
credentials?  We allow people to share email addresses and mailboxes
here, but we strongly discourage the sharing of credentials unless there
is a compelling business reason.

                 Mark Montague
                 ITS Enterprise Email&  Collaboration Techologies Team
                 The University of Michigan
                 markmont () umich edu
Previous By Date Next
Previous By Thread Next

Current thread: