
Break glass accounts: what IAM teams miss about emergency access


(@nhi-mgmt-group)
Member Moderator

TL;DR: Break glass accounts are emergency access controls meant to restore control during MFA outages, account lockouts, or active breaches. According to Zluri, the Uber incident shows how hardcoded credentials and overprivileged admin access can turn such an account into a takeover path. Emergency access only works when it is tightly governed, tested, and isolated from everyday identity workflows.

NHIMG editorial — based on content published by Zluri: Access Management Break Glass Accounts, Emergency Access to Bypass Lockouts

By the numbers:

Questions worth separating out

Q: What breaks when break glass accounts are treated like everyday admin access?

A: When emergency access is treated like routine administration, it stops being an emergency control and becomes standing privileged access: an always-on, highly privileged identity that attackers can target like any other admin account, but one that deliberately sits outside the controls every other account is subject to.

Q: Why do break glass accounts need separate governance from normal IAM controls?

A: They need separate governance because their whole purpose is to bypass broken controls during recovery, which means they operate outside standard access paths by design.

Q: How can security teams tell whether emergency access is actually under control?

A: Look for clear ownership, documented activation criteria, vault-based storage, logging of every credential retrieval and sign-in, credential rotation after each use, and periodic drills that prove the account still works under stress.
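The check in that answer can be automated against the identity provider's audit log. The following is an added editorial example, not code from Zluri's article or from the NHIMG post: it assumes a short allowlist of break-glass identities, a list of approved activation windows (drills and declared incidents), and a JSON-lines audit log in which the vault records a `credential_rotated` event. All account names, log lines and windows are constructed for the example.

```python
"""Break-glass usage audit (added example; not from Zluri or the NHIMG post).

Three checks: every sign-in by a break-glass identity falls inside an approved
window; every approved window produced at least one logged sign-in; and the
credential was rotated within a grace period after the window closed.
Account names, log format and windows are hypothetical and constructed inline.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import json

# Assumption: a short, explicit allowlist of break-glass identities.
BREAK_GLASS_ACCOUNTS = {"bg-admin-01", "bg-admin-02"}


def _t(s: str) -> datetime:
    """Parse an ISO-8601 timestamp as UTC (the constructed log carries no offset)."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Window:
    """An approved activation window for one break-glass account."""
    account: str
    start: datetime
    end: datetime
    reason: str  # "drill" or "incident"


# Constructed windows: a drill that was run, an incident, and a drill for which
# the log shows no activity at all.
APPROVED_WINDOWS = [
    Window("bg-admin-01", _t("2024-03-04T09:00:00"), _t("2024-03-04T10:00:00"), "drill"),
    Window("bg-admin-02", _t("2024-03-10T02:00:00"), _t("2024-03-10T05:00:00"), "incident"),
    Window("bg-admin-02", _t("2024-02-05T09:00:00"), _t("2024-02-05T10:00:00"), "drill"),
]

# Constructed sample audit log (identity provider plus vault), one JSON event per line.
SAMPLE_LOG = """\
{"ts": "2024-03-04T09:12:31", "actor": "bg-admin-01", "event": "signin", "src": "10.0.5.7"}
{"ts": "2024-03-04T09:40:10", "actor": "bg-admin-01", "event": "signout"}
{"ts": "2024-03-04T10:30:00", "actor": "vault", "event": "credential_rotated", "target": "bg-admin-01"}
{"ts": "2024-03-10T03:05:44", "actor": "bg-admin-02", "event": "signin", "src": "203.0.113.9"}
{"ts": "2024-03-15T22:41:02", "actor": "bg-admin-02", "event": "signin", "src": "198.51.100.23"}
{"ts": "2024-03-16T08:00:00", "actor": "alice", "event": "signin", "src": "10.0.5.8"}
"""


def parse_events(log_text: str) -> list:
    """Turn JSON lines into dicts with a tz-aware datetime under 'ts'."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = _t(event["ts"])
        events.append(event)
    return events


def audit(log_text: str, windows: list, accounts: set,
          rotation_grace: timedelta = timedelta(hours=24)) -> list:
    """Return a list of findings; an empty list means emergency access is under control."""
    events = parse_events(log_text)
    findings = []

    def signins(account, start, end):
        return [e for e in events
                if e["actor"] == account and e["event"] == "signin" and start <= e["ts"] <= end]

    # 1. A break-glass sign-in outside every approved window is a takeover signal.
    for e in events:
        if e["actor"] in accounts and e["event"] == "signin":
            covered = any(w.account == e["actor"] and w.start <= e["ts"] <= w.end for w in windows)
            if not covered:
                findings.append({"type": "unapproved_use", "account": e["actor"],
                                 "ts": e["ts"].isoformat(), "src": e.get("src")})

    for w in windows:
        if not signins(w.account, w.start, w.end):
            # 2. Nothing logged: the drill did not prove the account works, or logging is broken.
            findings.append({"type": "no_logged_use", "account": w.account,
                             "window": w.reason, "start": w.start.isoformat()})
            continue
        # 3. After use, the vault must have rotated the credential within the grace period.
        rotated = any(e["event"] == "credential_rotated" and e.get("target") == w.account
                      and w.end <= e["ts"] <= w.end + rotation_grace for e in events)
        if not rotated:
            findings.append({"type": "revocation_missing", "account": w.account,
                             "window": w.reason, "end": w.end.isoformat()})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, APPROVED_WINDOWS, BREAK_GLASS_ACCOUNTS):
        print(finding)
```

On the constructed log this reports three findings, all against `bg-admin-02`: a sign-in on 15 March that matches no approved window, a February drill window with no logged use, and an incident window after which no rotation was recorded. The grace period and the event names are assumptions; the point is that each of the three conditions is a distinct failure mode, and a clean audit needs all three checks to pass.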

Practitioner guidance

  • Separate emergency access from operational administration. Create dedicated break glass identities that are never used for daily administration, never shared with general admins, and never embedded in operational scripts or repositories.
  • Remove hardcoded privileged secrets from operational code. Scan scripts, config files, CI/CD systems, and admin tooling for embedded credentials and move recovery secrets into controlled vaults with explicit issuance and retrieval logging.
  • Test recovery access as a governed drill. Run periodic emergency access exercises that prove the account works during an outage, confirm access is logged, and verify revocation paths after the drill ends.
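The second item above, scanning for embedded credentials, is the kind of check a team can run over its own repositories before a break glass secret ends up in a script. The following is an added editorial example, not code from Zluri's article or the NHIMG post. It matches a few well-known credential shapes plus generic password/token assignments, skips values that merely reference an environment variable or a vault lookup, and redacts what it reports. The sample files, their contents and the file names are constructed for the example.

```python
"""Embedded-credential scan (added example; not from Zluri or the NHIMG post).

Walks a set of files (constructed inline so it runs offline) and reports strings
shaped like credentials.  Values that are references to an environment variable
or a vault lookup are skipped; reported values are redacted to four characters.
"""
import math
import re
from collections import Counter

# Credential shapes.  Only the generic assignment pattern captures a group (the value).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]?([^\s'\"]{8,})"),
}

# Assumption: these prefixes mark a reference to a secret rather than the secret itself.
PLACEHOLDER_PREFIXES = ("${", "$(", "{{", "<", "os.environ", "os.getenv(", "vault:")


def is_placeholder(value: str) -> bool:
    """True for values that point at a secret store instead of containing a secret."""
    return value.startswith(PLACEHOLDER_PREFIXES)


def shannon_entropy(value: str) -> float:
    """Bits per character; machine-generated secrets usually score well above 3."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> list:
    """Return one finding per credential-shaped match, with the value redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if pattern.groups else m.group(0)
                if is_placeholder(value):
                    continue
                findings.append({
                    "file": path, "line": lineno, "kind": kind,
                    "redacted": value[:4] + "...",
                    "entropy": round(shannon_entropy(value), 2),
                })
    return findings


def scan_files(files: dict) -> list:
    """Scan a mapping of path -> file contents (stands in for walking a checkout)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample repository contents (hypothetical); the AWS key is the
# documented placeholder value, not a real credential.
SAMPLE_FILES = {
    "deploy.sh": (
        "#!/bin/sh\n"
        "# Recovery helper left behind by a previous admin\n"
        'ADMIN_PASSWORD="Br3akGl4ss!Recovery2023"\n'
        "aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE\n"
    ),
    "config.yaml": (
        "database:\n"
        "  password: ${DB_PASSWORD}\n"
        "vault:\n"
        "  token: \"{{ lookup('hashi_vault', 'secret/breakglass') }}\"\n"
    ),
    "ci.yml": (
        "name: deploy\n"
        "env:\n"
        "  API_KEY: sk-live-constructedsamplevalue0001\n"
    ),
    "recovery_key.pem": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAA...\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(finding)
```

Run as-is, the scan flags the hardcoded admin password and AWS key in `deploy.sh`, the API key in `ci.yml`, and the private key file, while `config.yaml` produces nothing because both of its values are vault or environment references. The placeholder list and the minimum value length are assumptions to tune; a real rollout would run the same logic as a pre-commit hook and in CI, which is where the guidance above says the secrets tend to hide.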

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step guidance on creating break glass accounts with split-password storage and vault placement.
  • The article's recommended 90-day review cadence and how Zluri frames simulated validation of emergency access.
  • Specific situations where the vendor suggests break glass use, including MFA outages, lockouts, and active breaches.
  • Zluri's access management and access review product framing for provisioning, deprovisioning, and periodic audits.

👉 Read Zluri's guidance on break glass accounts and emergency access →
