> I can't imagine a threat model where password sharing among multiple parties is more risky than giving multiple people sudo
An individual leaves the company and the security / compliance people say all their access to be revoked, which is kind of a headache with shared logins.
The security / compliance people want audit logs of who does what, which is harder to do with shared logins.
I think both of these things are encouraged (maybe required?) by various certifications that companies doing certain things might need.
An individual leaves the company and the security / compliance people say all their access to be revoked, which is kind of a headache with shared logins.
The security / compliance people want audit logs of who does what, which is harder to do with shared logins.
I think both of these things are encouraged (maybe required?) by various certifications that companies doing certain things might need.