Security: Every user account is a doorway
I've been studying medieval European history with my kids.
The historical development of castle design is a fascinating thing.
Most castles had only two entrances: the wide drawbridge-and-portcullis affair at the front for whatever public access might be granted, and a tiny "postern gate" at the rear for low-key access by trusted staff.
Maintaining such a fortification wasn't very convenient, but it was the best way to defend against potential attackers.
Now imagine if they had decided that one postern door wasn't enough.
The kitchen staff want one near the kitchen. Groundskeepers want one near the garden. We'll just add a whole bunch of little doors all around the castle wall.
What could possibly go wrong?
Yeah, not a good idea.
Here's the thing:
If you're giving members a login to manage their own profile and access members-only benefits on your site, that has real business value.
That's your big public entrance, and it's well fortified. Folks who come through that door are very limited in what they can do anyway.
And your staff? They come in through the back door and have much more access to your valuable inner workings. That has real business value, too.
But what about the login accounts still held by staff who no longer work for you?
Those have no business value.
But they're still a means of access — waiting to be abused by miscreants who aim to misuse your data and your resources.
Every one of them is like an unattended door in your castle wall.
For goodness' sake, brick those things up.
All the best,
A.