Sometimes an employee leaves a company without sharing usernames and passwords for the online accounts that they set up. These are often marketing-related accounts such as:
- Email marketing & marketing automation systems (MailChimp, Constant Contact, ActiveCampaign)
- Websites (WordPress, Wix, Squarespace)
- Social media accounts (Twitter, Instagram, Pinterest)
- Google accounts (My Business, Analytics, Ads, Search Console, YouTube)
Why can these types of accounts be particular problematic? Because the setup of online marketing-related accounts often happens outside of the IT department’s oversight.
And what if the company did not have a policy of keeping all business account usernames and passwords in a company owned password manager?
When Recovering Account Access Can Be Easy
Not having account passwords isn’t a major problem if the username (usually an email address) for the online accounts is the former employee’s company email address.
When that person leaves the company all you have to do is:
1. Ask your email system administrator to reset the password for the email account and then let you know what the new password is.
(Alternatively, you can ask your email administrator to forward you all new emails sent to the former employee’s email address.)
2. Request a password reset from the online vendor.
Password reset instructions will arrive in an inbox that you have access to.
But what if the employee left without first sharing the username for one or more online accounts?
When Recovering Account Access Is Difficult (or Impossible)
When there’s no available username for an online account, there’s of course no way to request a password reset from a vendor’s login screen.
In some cases, you can successfully plead your case with the online vendor’s customer service department.
In other cases, access to that account can never be recovered without the cooperation of the former employee.
Lack of cooperation can mean orphaned online accounts.
Orphaning is most common for Google accounts. A former employee’s consumer Gmail account may have been used for Google business services such as:
- Google My Business
- Google Analytics
- Google Ads
- Google Search Console
There are about 1.5 billion active consumer Gmail accounts, so good luck starting up a dialog with Google customer service about getting access to these.
How to Avoid Losing Account Access
How do you avoid losing access to Google and other online accounts?
1. Never let an employee use their own personal email address—Gmail or otherwise—for setting up access to an online account that will be used by your business.
2 Set a policy that requires all of the business’s online passwords to be added to a shared password database.
Why Consumer Gmail is Used
When a company is not using Google Workspace, a consumer Gmail account is often the default way to access to Google Services.
Sometimes, a Google account without Gmail is set up.
In either case, the email account should be controlled by the owner of a business. For Gmail accounts, the recovery information (mobile number, secondary email) should be that of a business owner.
Best Practices For Google Workspace Customers
If your company uses Google Workspace, you do not need a personal Gmail account for any of the above listed Google Services.
Instead, you can set up a generic Google Workspace account such as firstname.lastname@example.org.
This account will be managed by your Google Workspace administrator. The address is known. It’s easy for the administrator to reset the password if it’s lost. The business owns the account, not the employee.
With the right policies and systems, a lot of time can be saved and inconvenience can be avoided.