Account Hygiene

Account hygiene is the practice of maintaining clean, secure, and properly managed user accounts across an organization's systems.

This involves regularly reviewing and updating user permissions, removing unused or dormant accounts, ensuring strong password policies are enforced, and verifying that access rights align with current job responsibilities.

Effective account hygiene includes conducting periodic access reviews to identify accounts that may have accumulated excessive privileges over time, known as "privilege creep." Organizations should also promptly disable accounts for departed employees, remove shared or service accounts that are no longer needed, and ensure that temporary accounts created for contractors or vendors are properly managed and deactivated when no longer required.

Poor account hygiene creates significant security risks, as dormant accounts with elevated privileges can become attractive targets for attackers seeking to gain unauthorized access to systems. Additionally, accounts with outdated permissions may provide more access than users actually need for their current roles, violating the principle of least privilege.

Regular account hygiene practices help reduce an organization's attack surface, ensure compliance with security policies and regulatory requirements, and maintain better visibility into who has access to what systems and data across the enterprise.