All client systems monitored 24/7
Sheffield, UK  //  Est. 2006
01433 377 977

Why Generic Shared Accounts Are a Bad Idea

Let me start by being honest and a little apologetic. When we ask a practice to give every member of staff their own login instead of one shared "reception" or "practice" account, we know it adds friction. People genuinely do not love it, and I understand why. So this is not a telling off. It is an explanation of why generic shared accounts, however convenient, are a bad idea, and why we push back on them even though it makes our life harder too.

Because the case for shared accounts is not stupid. It is the path of least resistance. It is the easiest thing to deploy, the easiest thing to train staff on, and it means nobody is ever locked out because they forgot which login is theirs. On the face of it, that all sounds great. Unfortunately, it is one of those things that feels easier today and quietly costs you later.

"But we are fully cloud, so the machine does not matter"

This is the objection I hear most, so let me deal with it head on. The reasoning goes: we just use Dentally, or CareStack, or whatever cloud system, to do everything, so the actual computer is basically a dumb terminal and it does not matter who is logged into it.

I understand the logic, but it is not true. Nobody only ever opens their practice management system and touches nothing else. In the real world, the same person also saves files to the machine, even if only temporarily. They open other websites and services. They check an email, log into a training portal, download a document, print something, look something up. Every one of those actions leaves temporary files, cached data, browser-saved passwords and access tokens on that computer, and all of it is tied to whoever is logged in.

If that login is a shared, generic account, then all of that activity, from every member of staff who has ever used the machine, is piled into one identity. The "it is just a dumb terminal" argument quietly falls apart the moment real people use it for real work, which they always do.

What generic accounts actually cost you

Here is the plain list of what you give up when everyone shares one login. None of it feels urgent until the day it matters, and then it matters a lot.

  • You cannot reliably tell who did what. Who accessed, changed or deleted something? With a shared account, the honest answer is "someone". For a business handling patient data, that lack of accountability is a real problem.
  • The password has to be shared, so it is far more likely to be written down on a sticky note, reused elsewhere, or still known by someone who left months ago.
  • You cannot cut off one person cleanly. When a staff member leaves, you cannot disable just their access without changing the password on everyone, disrupting the whole team every single time.
  • Everyone gets the same permissions, which almost always means everyone gets more access than they actually need, because the account has to cover the most demanding user.
  • Your security alerts and audit logs become nearly useless, because every action appears to come from the same user. When something goes wrong, you cannot see the trail.
  • Data gets mixed between staff. Files, browser-saved passwords, email sessions, downloads and application data all blur together, so one person can end up seeing another's.
  • Modern security controls become hard or impossible. MFA, Conditional Access and other identity-based protections are built around individual identities. Bolt them onto a shared account and they either do not work properly or defeat their own purpose. This is the same reason multi-factor authentication needs real, individual accounts to do its job.
  • A single compromise opens every door. If that one shared account is phished or cracked, the attacker instantly has everything that every user of it could reach, not just one person's slice.

The fix is not as painful as it sounds

The answer is simple to say: give every member of staff their own account, with permissions matched to what they actually need. It is a bit more setup, and a short adjustment for the team, but it is a one-time cost that pays back every day afterwards.

And it is the foundation everything else stands on. Individual logins are what make MFA, Conditional Access, sensible permissions and a proper leaver process actually work. They pair naturally with removing standing admin rights and with the basic password hygiene we have written about before. Done well, the friction is far smaller than people expect: fast sign-in, the right access for each role, and the practice owner finally able to answer "who did that?" with a name rather than a shrug.

None of this means we do not sympathise. We do, genuinely, and we will always try to make it as smooth as possible, from quick sign-in options to sensible setup so nobody is fighting the login all day. But on this one we will keep gently pushing, because it is one of the few things that quietly protects you on the worst day, the leaver you forgot about, the account that got phished, the audit you did not expect.

If you are running on shared logins today and want to move to individual accounts without upheaval, that is exactly the kind of change we plan and roll out for practices with minimal disruption. Get in touch and we will map out how to do it in your practice, at a pace that works. It is part of the wider security groundwork we set out here.

Book your free IT health check.

We'll examine your network, tell you exactly where you stand, and what we'd fix. No commitment, no sales patter.

WhatsApp us any time on 01433 377 977or text 07488 890826