Updated: October 11, 2021
Sometimes an employee leaves a company without sharing usernames and passwords for the online marketing accounts that they set up. This has become more prevalent during the Great Resignation.
Marketing-related accounts include:
- Email marketing & marketing automation systems (MailChimp, Constant Contact, ActiveCampaign)
- Websites (WordPress, Wix, Squarespace)
- Social media accounts (Twitter, Instagram, Pinterest)
- Google accounts (My Business, Analytics, Ads, Search Console, YouTube)
Why can these types of accounts be particularly problematic? Because the setup of online marketing-related accounts often happens outside of the IT department’s oversight.
And what if the company did not have a policy of keeping all business account usernames and passwords in a company controlled password manager?
The issues described below can also apply when a marketing contractor or agency sets up online account access using their own domain email addresses. We’ve heard horror stories about a relationship with a marketing agency ending—and marketing account access ending along with the relationship.
When Recovering Account Access Can Be Easy
Not having account passwords isn’t a major problem if the username (usually an email address) for the online accounts is the former employee’s business email address.
In this case, when that person leaves the company all you have to do is:
1. Ask your email system administrator to reset the password for the email account and let you know what the new password is.
2. Request a password reset from the online vendor.
The password reset instructions will arrive in an inbox that you have access to.
But what if the employee left without even sharing the username for one or more online accounts?
When Recovering Account Access Is Difficult (or Impossible)
When there’s no available username for an online account, there is no way to request a password reset from a vendor’s login screen.
In some cases, you can successfully plead your case with the online vendor’s customer service department.
In other cases, access to that account can never be recovered without the cooperation of the former employee.
Lack of cooperation can mean orphaned online accounts.
Orphaning is most common for Google accounts. A former employee’s consumer Gmail account may have been used for Google business services such as:
- Google My Business
- Google Analytics
- Google Ads
- Google Search Console
There are about 1.5 billion active consumer Gmail accounts, so good luck starting up a dialog with Google customer service about getting access to these.
How to Avoid Losing Access to Marketing Accounts
How do you avoid losing access to Google and other online accounts?
1. Never allow an employee to use their own personal email address—Gmail or otherwise—for setting up access to an online marketing account that will be used by your business.
2. Do not allow a marketing contractor or marketing agency to control online account access by using one of their domain email addresses.
3. Don’t use consumer Gmail for business account access.
When Consumer Gmail is Used For Access to Google Accounts
When a company is not using Google Workspace, a consumer Gmail account is often the default way to access Google accounts such as Google My Business and YouTube.
If this is done, the Gmail account should be controlled by the business—not by the employee. The recovery information (mobile number, secondary email) should be that of a business owner.
However, if an employee is using this Gmail account, there is nothing to stop the employee from altering the recovery information. Therefore, it’s better to use one of the following approaches.
Best Practices For Google Workspace Customers
If your company uses Google Workspace, you do not need a personal Gmail account for any of the above listed Google Services.
Instead, you can set up a generic Google Workspace account such as firstname.lastname@example.org.
This account will be managed by your Google Workspace administrator. The address is known. It’s easy for the administrator to reset the password if it’s lost. The business owns the account, not the employee.
Best Practices For Microsoft Office 365 Customers
When a business uses Office 365 (or any non-Google Workspace email), a email@example.com can still be set up.
In this case, a Google account without Gmail can be created. When you set up a Google account for marketing purposes, Select the “Use my current email address instead” option and enter your firstname.lastname@example.org address.
This gives your Office 365 administrator the ability to reset the email account password if an employee leaves.
With the right practices in place, a lot of time can be saved and inconvenience can be avoided.