Service Account
A Service Account is a non-human account used by an application, process, or service to authenticate to other systems and act on their resources. It needs credentials (a password, API key, certificate, or token) like any user account, but it has none of the interactive elements of a human account: no login prompt, no MFA challenge, no password-reset flow, and no person who notices when it misbehaves.
# WHAT TEAMS RUN INTO
- Service accounts accumulate and become unmanaged. A service account is created for a legacy application, the application is replaced, but the account is forgotten and never cleaned up, so it keeps its credentials and permissions with nobody responsible for it.
- Service account credentials are long-lived. Unlike humans, who periodically reset passwords, service accounts often use the same credential for years. A single leaked credential keeps working until someone rotates it, and without an owner that may never happen.
- Service accounts have broad permissions. They are often granted broad permissions because their purpose is not clearly understood, or because it is easier to grant wide access than to determine least privilege, so a compromise reaches far beyond what the service actually needs.
# WHY IT MATTERS
Service accounts are the ghost workers of IT systems — they do work on behalf of services instead of humans. Service account compromise can be as damaging as human account compromise, but service accounts often receive less security scrutiny: no one is watching a login that nobody performs by hand. Organizations that manage service accounts with the same rigor as human accounts — an owner for each one, strong unique credentials, least privilege, regular rotation, and a tight audit of what each account is used for — shrink both the window and the blast radius of a compromise, which makes the accounts less valuable to attackers.
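The three problems listed above (unmanaged accumulation, long-lived credentials, broad permissions) and the controls named in this section (ownership, rotation, least privilege, audit) can be checked mechanically against an inventory. The following is an added example, not code from the original page: a small hygiene audit that runs over a constructed, inline inventory of service accounts and tags each one with findings. The inventory format, the field names, the thresholds and the account names are assumptions chosen for illustration; in practice the records would come from your directory, cloud IAM, or secrets manager.

```python
"""Service-account hygiene audit over a constructed inventory.

Added example for illustration. The ServiceAccount fields, the sample
records and the thresholds below are assumptions, not the page's data.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Thresholds are assumptions; tune them to your environment.
MAX_IDLE_DAYS = 90              # no authentication this long -> candidate for removal
MAX_CREDENTIAL_AGE_DAYS = 365   # credential older than this -> overdue for rotation
BROAD_PERMISSIONS = {"*", "admin", "owner"}  # wildcard / admin-style grants


@dataclass
class ServiceAccount:
    name: str
    owner: Optional[str]              # team or person accountable for the account
    created: date
    last_used: Optional[date]         # last successful authentication, None if never seen
    credential_created: date          # when the current credential was issued
    permissions: List[str] = field(default_factory=list)


def audit_account(acct: ServiceAccount, today: date) -> List[str]:
    """Return the list of findings for one account, in a fixed order."""
    findings = []
    if acct.owner is None:
        findings.append("no-owner")                 # nobody will clean it up or rotate it
    if acct.last_used is None or (today - acct.last_used).days > MAX_IDLE_DAYS:
        findings.append("stale")                    # the forgotten legacy account
    if (today - acct.credential_created).days > MAX_CREDENTIAL_AGE_DAYS:
        findings.append("long-lived-credential")    # same secret for over a year
    # A bare wildcard, an admin-style role, or a "<scope>:*" grant counts as broad.
    if any(p in BROAD_PERMISSIONS or p.endswith(":*") for p in acct.permissions):
        findings.append("broad-permissions")
    return findings


def audit_inventory(accounts: List[ServiceAccount], today: date) -> Dict[str, List[str]]:
    """Audit every account; an empty finding list means the account passed."""
    return {a.name: audit_account(a, today) for a in accounts}


def render_report(results: Dict[str, List[str]]) -> List[str]:
    """Worst accounts first, as one line per account, for a ticket or dashboard."""
    ordered = sorted(results.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{name}: {', '.join(f) if f else 'ok'}" for name, f in ordered]


# Constructed sample inventory (not real accounts). TODAY is fixed so the
# result is reproducible.
TODAY = date(2024, 6, 1)
SAMPLE_INVENTORY = [
    # Legacy app replaced years ago; account forgotten, never rotated, no owner.
    ServiceAccount("svc-legacy-billing", None, date(2018, 3, 1),
                   date(2019, 11, 20), date(2018, 3, 1), ["db:read", "db:write"]),
    # Actively used CI deployer, but with a wildcard grant and a 500-day-old key.
    ServiceAccount("svc-ci-deploy", "platform-team", date(2023, 1, 10),
                   date(2024, 5, 31), date(2023, 1, 10), ["*"]),
    # Well-managed: owned, scoped to one read permission, recently rotated.
    ServiceAccount("svc-metrics-reader", "sre", date(2024, 3, 1),
                   date(2024, 5, 30), date(2024, 3, 1), ["metrics:read"]),
]


if __name__ == "__main__":
    for line in render_report(audit_inventory(SAMPLE_INVENTORY, TODAY)):
        print(line)
```

Running it lists `svc-legacy-billing` first with `no-owner, stale, long-lived-credential`, then `svc-ci-deploy` with `long-lived-credential, broad-permissions`, and `svc-metrics-reader` as `ok`. The point of keeping `audit_account` as a pure function over dated records is that the same logic can be run on a schedule against an exported inventory and the findings diffed week to week, which is what turns "tight audit" from a principle into a control.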