Alternatives to Password Sharing
When you share your PennKey password you give others access to
everything your PennKey gives you access to though you are still
responsible for anything they do in your stead. Sharing passwords
is a violation of Penn's Policy
on Acceptable Use in the Electronic Computing Environment.
Sometimes people share passwords because they need to delegate
activities to others. Rather than share your password, you should
find safe ways of delegating work to others. In some cases this
can be accommodated simply by asking your Local
Support Provider (LSP) or your system administrator to create
a new account with the same privileges and access that you have.
Another reason often cited is vacation coverage: someone gives
their ID and password to a co-worker while they're away from the
office. The proper way to handle this situation is to make prior
arrangements for the backup person to obtain a separate account
and password, one that grants them only the access they require
during vacation and other absences.
Some suggestions for typical university computing services are
If you use Kerberos (PennKey) authentication on a campus mail server
(e.g. on pobox, dolphin, mail.med or ben.dev) you can grant people
access to your account by listing the authorized PennKeys in your
account. The owners of those PennKeys can then access your e-mail
account using their own PennKey, but they wouldn't be able to obtain
access to any other PennKey-authenticated services by impersonating
you. Information regarding this "proxy authentication"
has been distributed to LSPs.
With some calendaring software (e.g.; Microsoft Outlook), you can give someone
else the ability to maintain your calendar without sharing your
account and password.
GRAM - Grant Reporting and Management System
With GRAM, it is not necessary for faculty members to share their
PennKey and password with support staff in order to grant them proxy
access. Designated individuals can be granted access to projects
for specific Principal Investigators.