Background
Keeping data secure is a key aspect of managing accounts for any application. Information security is a complex, multifaceted discipline built on many foundational principles. The following principles apply whenever you manage users' access to an application.
Unique Access
Every user of an application should have their own account, with a password known only to them. Shared accounts or shared passwords make it impossible to attribute an action to a specific person when you need to track down who did what. If you become aware of users sharing a password, disable the affected account right away and work with management to address the issue.
Timely Account Management
Application accounts should be created and enabled only when the user is actively working and needs access. Accounts must be disabled or removed as soon as the user is terminated or transfers to another job role, so that a no-longer-authorized person cannot use them. As a rule, a new user's account should be created no more than a day or two before the user is expected to start using the application, and a departing user's access should be removed on the day of departure.
Unique Passwords
Every user should have their own password, known only to them. If you must set an initial password so the user can log on for the first time, give each user a different, randomly generated password and require them to change it at first logon. Any application that requires passwords should follow the campus's password policy best practices.
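The two rules above (timely account management and unique initial passwords) are easiest to see as a joiner/leaver reconciliation. The following is an added example, not code from the original page or from any campus system; the HR roster, the account list, the must-change-at-first-logon flag and the two-day lead window are all assumptions constructed for illustration.

```python
# Added example (not from the original page): reconcile a hypothetical HR roster
# against an application's account list, creating accounts no earlier than two
# days before the start date, disabling them on the termination date, and issuing
# a per-user random initial password that must be changed at first logon.
import secrets
import string
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

PROVISION_LEAD_DAYS = 2  # "a day or two before the user is expected to start"


@dataclass
class Worker:
    """One row of the (hypothetical) HR roster."""
    username: str
    start: date
    end: Optional[date] = None  # None means still employed


@dataclass
class Account:
    """One application account; the flags are assumed, not a real system's fields."""
    username: str
    enabled: bool = True
    must_change_password: bool = False
    initial_password: Optional[str] = None


def random_initial_password(length: int = 16) -> str:
    """Per-user random initial password from the OS CSPRNG (secrets), never a shared default."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection step so the result always satisfies a simple mixed-class rule.
        if (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def reconcile(roster: List[Worker], accounts: List[Account], today: date) -> Dict[str, List[str]]:
    """Apply the timely-account-management rules in place and return what was done."""
    actions: Dict[str, List[str]] = {"created": [], "disabled": [], "orphaned": []}
    by_name = {a.username: a for a in accounts}
    roster_names = {w.username for w in roster}

    for w in roster:
        acct = by_name.get(w.username)
        if w.end is not None and w.end <= today:
            # Leaver: remove access the same day, no grace period.
            if acct is not None and acct.enabled:
                acct.enabled = False
                actions["disabled"].append(w.username)
        elif acct is None and w.start - today <= timedelta(days=PROVISION_LEAD_DAYS):
            # Joiner inside the lead window: unique random password, forced change at first logon.
            new = Account(w.username, enabled=True, must_change_password=True,
                          initial_password=random_initial_password())
            accounts.append(new)
            by_name[w.username] = new
            actions["created"].append(w.username)

    # An account no current roster entry owns cannot be attributed to anyone: disable it.
    for a in accounts:
        if a.username not in roster_names and a.enabled:
            a.enabled = False
            actions["orphaned"].append(a.username)
    return actions


def can_log_in(acct: Account, password_changed: bool) -> bool:
    """Login gate: disabled accounts never log in; an account still on its initial
    password may only complete the password change, not use the application."""
    if not acct.enabled:
        return False
    if acct.must_change_password and not password_changed:
        return False
    return True


def demo(today: date = date(2024, 3, 1)):
    """Constructed sample data (not real users) showing each rule firing once."""
    roster = [
        Worker("alice", date(2020, 1, 6)),                      # current, has an account
        Worker("bob", date(2019, 5, 1), end=date(2024, 3, 1)),  # leaves today
        Worker("carol", date(2024, 3, 2)),                      # starts tomorrow
        Worker("dave", date(2024, 3, 10)),                      # starts in nine days
    ]
    accounts = [Account("alice"), Account("bob"), Account("eve")]  # eve is not on the roster
    actions = reconcile(roster, accounts, today)
    return actions, {a.username: a for a in accounts}


if __name__ == "__main__":
    actions, accounts = demo()
    print(actions)
    for a in accounts.values():
        print(a.username, "enabled" if a.enabled else "disabled",
              "(must change password)" if a.must_change_password else "")
```

Run as-is, the demo disables bob on his last day, creates carol's account with a fresh random password the day before she starts, leaves dave alone because his start date is outside the lead window, and disables eve because nobody on the roster owns that account. The orphan check matters in practice: accounts that outlive their owner are exactly the ones nobody reviews.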
Principle of Least Privilege (POLP)
The idea that any user, program, or process should have only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database does not need admin rights, and a programmer whose main function is updating lines of legacy code does not need access to financial records.
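In code, least privilege comes down to a deny-by-default check and a habit of comparing what a role is granted with what it actually uses. The block below is an added example, not code from the original page; the role names, actions and resources are hypothetical and chosen to mirror the two cases in the paragraph above.

```python
# Added example (not from the original page): a deny-by-default permission check
# plus a right-sizing audit. Role and resource names are hypothetical.
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]  # (action, resource)

# Each role is granted only what its function needs. There is no "all" wildcard:
# anything not listed here is denied.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    # Pulls records: read-only on the database, no administrative rights.
    "record_puller": frozenset({("select", "records_db")}),
    # Maintains legacy code: read/write on that repository, nothing on finance.
    "legacy_maintainer": frozenset({("read", "legacy_repo"), ("write", "legacy_repo")}),
    # Separate role for the few people who actually administer the database.
    "db_admin": frozenset({("select", "records_db"), ("update", "records_db"),
                           ("grant", "records_db")}),
}


def is_allowed(role: str, action: str, resource: str) -> bool:
    """Default deny: unknown roles, actions and resources all return False."""
    return (action, resource) in ROLE_PERMISSIONS.get(role, frozenset())


def excess_grants(role: str, observed: Set[Permission]) -> FrozenSet[Permission]:
    """Least privilege is maintained, not set once: given the permissions a role has
    actually exercised (for example from access logs), return the grants it never
    used, which are candidates for revocation."""
    return ROLE_PERMISSIONS.get(role, frozenset()) - frozenset(observed)


def unexpected_use(role: str, observed: Set[Permission]) -> FrozenSet[Permission]:
    """The converse check: observed actions the role does not grant. These should
    have been denied; if they succeeded, something bypassed the policy."""
    return frozenset(observed) - ROLE_PERMISSIONS.get(role, frozenset())
```

The record puller can select from the database and nothing else; the legacy maintainer gets no answer but "no" for financial records; and a role whose observed usage never touches a grant is a signal to remove that grant rather than leave it in place.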