Your Accounts

Never Share Accounts or Logins

Foundational

Your login identifies you. Everything done with it is recorded as done by you, and in a regulated business that record is a legal one. The moment two people share a login, we lose the ability to know who actually did what — which is why sharing accounts, even helpfully and with good intentions, is something we never do.

It feels harmless and even helpful: a colleague is stuck, you're off sick, someone new hasn't got their access yet — so you share a login "just for now". But the consequences are serious. We can no longer prove who took an action, an attacker who gets one password gets two people's access, and when someone leaves, their access doesn't truly end if others know their login.

Whatever the situation, there is always a proper alternative to sharing your login — and this page points you to it. If access is missing or slow, that's a problem to raise, never one to solve by sharing credentials.

Everyone uses their own identity

DoMake sure everyone who needs access has their own account, with the permissions their role requires — raise it with IT if someone doesn't.
DoIf you need someone to do something on your behalf, have them do it under their own login, or use an approved delegation/shared-mailbox feature — not your password.
DoTell IT/security promptly if you think anyone else knows or has used your login, and change your password.
AlwaysKeep your login strictly to yourself — it represents you, and only you should ever use it.
NeverShare your account, password, or login with anyone — a colleague, a new starter, your manager, or someone claiming to be IT.
NeverUse someone else's login, or log in "as" another person, for any reason.

When you're tempted to share

Do notShare a login because access is slow, missing, or someone's in a hurry — raise the access problem instead; it's quick to fix and never worth the risk.
Do notLeave yourself logged in for someone else to use, or log in for them on their device.
NeverKeep using, or let others keep using, the login of someone who has left or changed roles — that access must end.

Ask yourself

AskAm I about to let someone else use my login — and is there a proper way to do this instead?
AskDoes the person who needs access have their own account? If not, who do I raise that with?
AskIf something went wrong under my login, could I prove it wasn't me?

Why it matters: Accountability is the foundation of everything we do — investigations, audits, and trust all depend on knowing exactly who did what. Shared logins destroy that, double the damage of any stolen password, and leave "ghost" access behind when people move on. One login per person, always, is what keeps that record honest and our customers' data protected.