3 mistakes using personal credentials inappropriately

Personal credentials are called personal for a reason. Still, many people use their personal credentials in places where they should not. Sometimes it's easier; sometimes there is no other way to achieve something. A couple of examples, from an SCM (software configuration management) point of view, of where personal credentials should not be used:

  • doing deployments to test or production servers
  • continuous integration runs, and other automated quality assurance
  • integration or migration scripts

Don't get me wrong, I'm not saying that credentials are not needed at all. What I'm saying is that you should use separate credentials created specifically for the purpose. Below I address three distinct cases that show why purpose-specific credentials, rather than personal ones, are the way to go.

1. Password changes

Nearly every organization has a centralized user directory, such as LDAP or Microsoft Active Directory, in place. Your credentials are stored there, and all of the software development tools are configured to authenticate and authorize against it. When you change your password, you need to track down every place where you used the personal credentials and update them accordingly.

2. Personnel changes

A similar situation occurs when a team member whose credentials were used leaves the team or the company. Other team members need to track down every place where the leaving team member's credentials were used. IT might not even be certain where they were used. Both this and password changes can also cause nasty surprises when things start to break without any apparent reason, until the reason - personal credentials - is revealed.
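
One way to do the tracking-down that cases 1 and 2 describe, as an added example that is not part of the original post: a small scanner that reports where a personal account is used as a credential in scripts and configuration. The file names, account names, passwords and the three patterns are constructed assumptions for illustration.

```python
import re

# Constructed sample inputs (file name -> content); not taken from the original post.
SAMPLE_FILES = {
    "deploy.sh": "git clone https://jdoe:S3cret@scm.example.com/app.git\n",
    "ci/settings.properties": "scm.username = ci-bot\nscm.password = ${CI_BOT_TOKEN}\n",
    "migrate/.netrc": "machine scm.example.com login jdoe password hunter2\n",
    "integration/sync.conf": "ldap_user: ASmith\n",
    "README.md": "Ask jdoe about the deployment process.\n",
}

# Places where an account name acts as a credential rather than a mere mention.
PATTERNS = [
    ("url-userinfo", re.compile(r"[a-z][a-z0-9+.-]*://([^\s:/@]+)(?::[^\s@/]*)?@", re.I)),
    ("netrc-login", re.compile(r"\blogin\s+(\S+)")),
    ("user-setting", re.compile(r"\b[\w.-]*user(?:name)?\s*[=:]\s*[\"']?([\w.@-]+)", re.I)),
]


def find_personal_credentials(files, personal_accounts):
    """Return (file, line_no, kind, account) for each credential-style use
    of an account listed in personal_accounts (compared case-insensitively)."""
    personal = {a.lower() for a in personal_accounts}
    findings = []
    for name, content in sorted(files.items()):
        for line_no, line in enumerate(content.splitlines(), start=1):
            for kind, pattern in PATTERNS:
                for match in pattern.finditer(line):
                    account = match.group(1).lower()
                    if account in personal:
                        findings.append((name, line_no, kind, account))
    return findings


if __name__ == "__main__":
    # Personal accounts would normally come from the user directory; hard-coded here.
    for finding in find_personal_credentials(SAMPLE_FILES, {"jdoe", "asmith"}):
        print("%s:%d: %s uses personal account %r" % finding)
```

The bot account `ci-bot` and the plain mention of `jdoe` in the README are not reported; only the places where a personal account is wired in as a login are.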

3. Exposure

The third, and perhaps the most prominent of the three, is that whenever you write down your personal credentials somewhere, there's a high chance that someone else is able to read them. Because the same credentials are typically used in various tools, especially with a centralized user directory, this exposes the person misusing their personal credentials to identity theft or misuse.

Conclusion

The bad news is that there are no explicit solutions to prevent people from misusing their personal credentials. The good news is that tools such as Deveo have solutions to overcome this problem. Deveo provides impersonal credentials through a concept called bot accounts. Bots in Deveo can be used for authentication and authorization for deployments, continuous integration tools, and API access for any third-party tool.

Share your worst nightmares related to misusing personal credentials by commenting below.
