The Ultimate Guide to Non-Human Identities Report
Top 10 Non-Human Identity Issues

Here is our Top 10 Non-Human Identity (NHI) Issues:

1. Plain-Text / Unencrypted Credentials – organisations will find that many NHIs have been hard-coded into source-code repositories and can therefore be easily discovered by both external and internal threat actors.

2. Full Inventory of Non-Human Accounts – obtaining an inventory of all NHIs is very challenging, as there can be many platforms, end-points, directory services and cloud integrations where these NHIs exist.

3. Stale / Inactive Accounts – due to weak lifecycle processes, a lack of visibility of usage information and a lack of inventory, many NHIs end up inactive. This increases the attack surface. We have found organisations where some accounts have not been used for 20+ years and in excess of 50% of the accounts are stale / inactive.

4. Lack of Account Ownership – after addressing inventory issues, the next key step is ensuring we identify an owner for each NHI, so we know who to contact to drive hygiene/remediation activities or when an NHI account gets compromised.

5. Humans Using Non-Human Accounts – humans using NHIs has always been a problem, as it has been very easy to bypass controls and use an NHI account to access assets/data. With the focus on Privileged Access Management (PAM), humans have started to lose permanent access to environments, in particular production – rather than use PAM controls, they have shifted to using NHI accounts.

6. Excessive Privileges – NHIs are in general highly privileged accounts, but in many cases we see NHIs given excessive privileges when much lower permissions would suffice.

7. Lack of Credential Cycling – cycling / rotating NHI credentials is very challenging for a number of reasons, e.g. lack of passwordLastChange information, unknown dependencies that could cause operational impact, changes required to application code/config, lack of vaulting of credentials, and lack of end-point cycling capabilities.

8. Lack of Environment Segregation – we see many cases where the same NHI is used in production and non-production environments, increasing the risk of lateral movement.

9. Sharing of Credentials across Apps – we see many examples where NHIs are shared across applications, which breaks the principles of need-to-have and least privilege. This also makes things like password cycling much more complex.

10. Non-Complex Passwords – NHI passwords have been found to be non-complex and are therefore prone to password-guessing attacks.
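Several of these issues (items 3, 4, 7, 8 and 9) can be flagged mechanically once an inventory exists. The script below is an added example, not code from the report or the NHI Management Group: it assumes a constructed inventory with one row per NHI-to-application binding, with hypothetical field names and thresholds, and returns the issue tags per NHI plus the stale ratio.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory (not real data); field names are assumptions.
INVENTORY = [
    {"nhi": "svc_billing", "app": "billing", "env": "prod", "owner": "team-pay",
     "last_used": date(2024, 5, 1), "pwd_last_change": date(2023, 1, 10)},
    {"nhi": "svc_billing", "app": "billing", "env": "dev", "owner": "team-pay",
     "last_used": date(2024, 5, 2), "pwd_last_change": date(2023, 1, 10)},
    {"nhi": "svc_legacy", "app": "hr-export", "env": "prod", "owner": None,
     "last_used": date(2001, 3, 15), "pwd_last_change": None},
    {"nhi": "svc_etl", "app": "warehouse", "env": "prod", "owner": "team-data",
     "last_used": date(2024, 5, 3), "pwd_last_change": date(2024, 4, 1)},
    {"nhi": "svc_etl", "app": "reporting", "env": "prod", "owner": "team-data",
     "last_used": date(2024, 5, 3), "pwd_last_change": date(2024, 4, 1)},
    {"nhi": "svc_old", "app": "archiver", "env": "prod", "owner": "team-ops",
     "last_used": None, "pwd_last_change": date(2024, 4, 20)},
]
TODAY = date(2024, 6, 1)  # fixed reference date so results are reproducible


def assess_nhi_inventory(rows, today, stale_days=90, rotate_days=365):
    """Return ({nhi: sorted issue tags}, fraction of NHIs that are stale)."""
    by_nhi = defaultdict(list)
    for r in rows:
        by_nhi[r["nhi"]].append(r)
    findings = {}
    for nhi, recs in by_nhi.items():
        issues = set()
        used = [r["last_used"] for r in recs if r["last_used"]]
        # Item 3: never used, or unused beyond the staleness window.
        if not used or (today - max(used)).days > stale_days:
            issues.add("stale")
        # Item 4: no owner recorded on any binding.
        if any(r["owner"] is None for r in recs):
            issues.add("no-owner")
        # Item 7: no passwordLastChange data, or rotation overdue.
        changed = [r["pwd_last_change"] for r in recs if r["pwd_last_change"]]
        if not changed or (today - max(changed)).days > rotate_days:
            issues.add("not-rotated")
        # Item 9: one credential bound to more than one application.
        if len({r["app"] for r in recs}) > 1:
            issues.add("shared-across-apps")
        # Item 8: same NHI present in production and a non-production env.
        envs = {r["env"] for r in recs}
        if "prod" in envs and envs - {"prod"}:
            issues.add("prod-and-nonprod")
        findings[nhi] = sorted(issues)
    stale_ratio = sum("stale" in v for v in findings.values()) / len(findings)
    return findings, stale_ratio
```

Feeding it a real export (directory lastLogon, vault rotation dates, CI/CD bindings) turns the list above into a per-account work queue, with the stale ratio as the headline metric.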

What’s In Your Top 10?

Want to know more? View our white paper on Managing Non-Human Identity Risks, which covers these risks in much more detail, or watch our animated video above.

Overview Of The Non-Human Identity Management Group

Our animated video explains our Non-Human Identity Management Group.

The Non-Human Identity Management Group is the market-leading Research and Advisory group that helps organisations manage the significant risk exposure from Non-Human Identities (NHIs).

We provide Independent Guidance and Advice for clients looking to manage the risks around Non-Human Identities – our team has been advising, establishing and managing global regulatory IAM / NHI programs for over 25 years at major financial institutions.

The NHIs in scope include Service Accounts, Machine Identities, Workload Identities, API Keys, OAuth Tokens, Certificates and Secrets.

Our NHI Mgmt Group was founded by an IAM industry veteran who has managed some of the largest global regulatory NHI programs, authored major white papers and research articles on NHIs, is a keynote speaker, established the thriving NHI LinkedIn Community Group and is recognised as the #1 NHI Evangelist / Voice in the industry.

We have the most comprehensive Knowledge Centre on NHIs, including foundational articles on NHIs, industry white papers, major breaches, research reports, blogs, educational videos, industry surveys and newsletters, as well as details of products that support the risk management of NHIs.

Non-Human Identity Management Risks Explained

Our NHI Mgmt Group launches the world's first animated video on Non-Human Identity Management Risks for beginners. We cover, in simple terms:

  1. What are Non-Human Identities (NHIs)?
  2. Why should you be concerned?
  3. What are the key risks?
  4. The huge secrets-sprawl problem
  5. Major NHI breaches
  6. How our Non-Human Identity Management Group can help