An orphan account is a corporate account that has permissions to access sensitive data or internal systems but does not belong to a specific legitimate user. These types of user accounts can be a significant liability to businesses.
Experts point out that orphan accounts include Active Directory and OpenLDAP accounts, but they also characterize them more broadly as accounts that are left behind by a transitioning party. The practice of identity and access management has a lot to do with preventing the unauthorized use of orphan accounts.
Suppose someone in a high position or in a sensitive department leaves a company, and their account is not deactivated. This dormant account can be used as an orphan account if unauthorized third parties somehow get access. In a way, an orphan account is very similar to a stray house key that is left behind after a property has changed hands. That key can be used for unauthorized access, and an orphan account in a corporate system can be used in much the same way.
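One way to find such accounts is to reconcile a directory export against the HR roster. The following is an added example, not part of the original page; the column names, the 90-day dormancy threshold and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: a directory export and an HR roster (hypothetical columns).
DIRECTORY_CSV = """account,owner_id,enabled,last_logon,groups
jsmith,E100,true,2024-05-28,Finance
mlopez,E101,true,2023-11-02,Domain Admins
svc_backup,,true,2024-05-30,Backup Operators
tchan,E102,false,2023-09-15,HR
akhan,E103,true,2024-01-10,Engineering
"""
HR_CSV = """employee_id,status
E100,active
E101,terminated
E102,terminated
E103,active
"""

def find_orphans(directory_csv, hr_csv, today, dormant_days=90):
    """Return {account: (reason, groups)} for enabled accounts without a legitimate owner."""
    hr = {r["employee_id"]: r["status"] for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = {}
    for row in csv.DictReader(io.StringIO(directory_csv)):
        if row["enabled"] != "true":
            continue  # already deactivated, so it cannot be used to log in
        owner = row["owner_id"]
        idle = (today - date.fromisoformat(row["last_logon"])).days
        if not owner:
            reason = "no owner recorded"
        elif hr.get(owner) != "active":
            reason = "owner left the company"
        elif idle > dormant_days:
            reason = f"dormant {idle} days, confirm owner"  # review candidate only
        else:
            continue
        findings[row["account"]] = (reason, row["groups"])
    return findings

if __name__ == "__main__":
    report = find_orphans(DIRECTORY_CSV, HR_CSV, date(2024, 6, 1))
    for account, (reason, groups) in report.items():
        print(f"{account}: {reason} (groups: {groups})")
```

The disabled account of the departed employee is skipped, while the still-enabled one is reported along with the group membership that makes it a liability.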