Read as
Last updated: April 29, 2026
Every AD has a “break glass” account: backup_admin, recovery_account, etc. Reasoning: “what if everything else fails?” Reality: account exists with full rights, no MFA, password unchanged for years.
Every AD has a “break glass” account: backup_admin, recovery_account, etc. Reasoning: “what if everything else fails?” Reality: account exists with full rights, no MFA, password unchanged for years.
Attackers find it. Use it. Backup-admin compromise = full domain compromise with no anomaly detection.
The mindset: break-glass accounts must be specifically monitored. Any login = SOC page. Vault the password. Hardware-token MFA. Audit quarterly.
🧠
Check your understanding
Module Quiz · 3 questions
Pass with 80%+ to mark this module complete. Unlimited retries. Each question shows an explanation.
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants