Security Notes
Individual user accounts should be created for each person who works with the Automation Server. Sharing the same user account among several people is not recommended.
Users should use passwords which are secure and difficult to guess, which means passwords should be sufficiently long and complex. The same password must not be reused across different user accounts or multiple services (for example, computer login, email, PLC password, social networks).
Multi-factor authentication should be activated for all user accounts.
For more information, see: Using Multi-Factor Authentication (MFA) to Sign In to the Server
User accounts with administrative permissions must be used for administrative tasks only. If a person performs both administrative and non-administrative tasks, then an additional user account has to be created for the non-administrative activities, and this account receives only the permissions required for those activities.
Every created user account should be granted only those permissions which are required for the intended activities of the user. No user accounts should be created beyond those that are required.
The user accounts of people who leave the company should be locked (by assigning the NoAccess role) or deleted soon afterwards.
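The notes above describe several checks that can be applied to an account inventory: no shared accounts, no administrative account that also carries non-administrative permissions, MFA on every account, and accounts of departed people locked or removed. The following added example (not part of the product documentation or the Automation Server's own API) runs these checks over a constructed account list. The role name NoAccess is taken from the notes; the role name Administrator, the account records and the list of departed people are assumptions made for the example.

```python
"""Account-hygiene audit for the Security Notes above (added example, not product code)."""
from dataclasses import dataclass

ADMIN_ROLE = "Administrator"   # assumed name of the administrative role
LOCKED_ROLE = "NoAccess"       # role named in the Security Notes for locked accounts


@dataclass(frozen=True)
class Account:
    name: str
    owners: tuple        # people who know the credentials; more than one owner = shared account
    roles: frozenset     # roles assigned on the server
    mfa_enabled: bool


def audit_accounts(accounts, departed):
    """Return (account name, finding code) pairs for every violation of the notes."""
    findings = []
    for acct in accounts:
        # An account whose only role is NoAccess is locked; it needs no MFA and may belong to a leaver.
        locked = acct.roles == frozenset({LOCKED_ROLE})
        if len(acct.owners) > 1:
            findings.append((acct.name, "shared-account"))
        if ADMIN_ROLE in acct.roles and len(acct.roles) > 1:
            # Admin permissions mixed with day-to-day roles: a second account is required.
            findings.append((acct.name, "mixed-admin-account"))
        if not locked and not acct.mfa_enabled:
            findings.append((acct.name, "mfa-disabled"))
        if not locked and any(person in departed for person in acct.owners):
            findings.append((acct.name, "departed-not-locked"))
    return findings


# Constructed sample inventory; names and roles are invented for this example.
SAMPLE_ACCOUNTS = [
    Account("alice-admin", ("alice",), frozenset({ADMIN_ROLE}), True),
    Account("alice", ("alice",), frozenset({"Operator"}), True),
    Account("shift-ops", ("bob", "carol"), frozenset({"Operator"}), False),
    Account("dave", ("dave",), frozenset({ADMIN_ROLE, "Operator"}), True),
    Account("erin", ("erin",), frozenset({"Operator"}), True),
    Account("frank", ("frank",), frozenset({LOCKED_ROLE}), False),
]
DEPARTED = {"erin", "frank"}   # constructed list of people who have left the company

if __name__ == "__main__":
    for name, code in audit_accounts(SAMPLE_ACCOUNTS, DEPARTED):
        print(f"{name}: {code}")
```

In the sample data, alice follows the notes exactly (separate admin and operator accounts, both with MFA), and frank's account has been locked with NoAccess, so neither produces a finding; the shared shift account, the mixed admin account and the still-active account of the departed user erin are reported.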