 |
This article relies excessively on referencestoprimary sources. Please improve this article by adding secondary or tertiary sources.
Find sources: "Service account" – news · newspapers · books · scholar · JSTOR (January 2023) (Learn how and when to remove this message) |
Aservice accountorapplication account is a digital identity used by an application software or service to interact with other applications or the operating system. They are often used for machine to machine communication (M2M), for example for application programming interfaces (API).[1] The service account may be a privileged identity within the context of the application.[2]
Local service accounts can interact with various components of the operating system, which makes coordination of password changes difficult.[3] In practice this causes passwords for service accounts to rarely be changed, which poses a considerable security risk for an organization.[3]
Some types of service accounts do not have a password.[4]
Service accounts are often used by applications for access to databases, running batch jobsorscripts, or for accessing other applications. Such privileged identities often have extensive access to an organization's underlying data stores laying in applications or databases.[3]
Passwords for such accounts are often built and saved in plain textfiles, which is a vulnerability which may be replicated across several servers to provide fault tolerance for applications. This vulnerability poses a significant risk for an organization since the application often hosts the type of data which is interesting to advanced persistent threats.[3]
Service accounts are non-personal digital identities and can be shared.[3]
Google Cloud lists several possibilities for misuse of service accounts:[4]
