A break glass account is an emergency-access account reserved for exceptional situations when normal administrative access is unavailable or unsuitable. It matters because organizations sometimes need a last-resort administrative path during outages, lockouts, or severe incidents.
What is a Break Glass Account?
Break glass accounts are typically highly privileged and tightly controlled. They exist for rare emergency use, with strong oversight, auditing, storage controls, and procedures to ensure they are not used casually or left exposed.
What Break Glass Controls Commonly Include
Common protections include strong credential storage, MFA where possible, documented approval procedures, strict monitoring, physical or logical separation, and mandatory post-use review.
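One way to automate the monitoring, approval, and post-use review controls listed above, as an added example that is not part of the original page: every sign-in by a break glass account is reported, checked against documented approval windows, and flagged when its review is missing. The account name, record fields, sample events, and 24-hour review deadline are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: account names, field names and log shape are assumptions.
BREAK_GLASS_ACCOUNTS = {"bg-admin-01"}
REVIEW_DEADLINE = timedelta(hours=24)  # assumed policy: review within 24h of use

SIGN_INS = [
    {"time": "2024-05-01T02:10:00", "account": "bg-admin-01", "source": "10.0.0.5"},
    {"time": "2024-05-01T09:00:00", "account": "alice-admin", "source": "10.0.0.8"},
    {"time": "2024-05-03T14:30:00", "account": "bg-admin-01", "source": "203.0.113.7"},
]
APPROVALS = [  # documented approvals, each with a validity window
    {"account": "bg-admin-01", "start": "2024-05-01T02:00:00", "end": "2024-05-01T04:00:00"},
]
REVIEWS = [  # completed post-use reviews, keyed by the sign-in they cover
    {"account": "bg-admin-01", "sign_in_time": "2024-05-01T02:10:00"},
]

def parse_ts(value):
    return datetime.fromisoformat(value)

def audit_break_glass(sign_ins, approvals, reviews, now):
    """Return one finding per break glass sign-in; routine accounts are skipped."""
    findings = []
    for ev in sign_ins:
        if ev["account"] not in BREAK_GLASS_ACCOUNTS:
            continue
        used = parse_ts(ev["time"])
        approved = any(a["account"] == ev["account"]
                       and parse_ts(a["start"]) <= used <= parse_ts(a["end"])
                       for a in approvals)
        reviewed = any(r["account"] == ev["account"]
                       and parse_ts(r["sign_in_time"]) == used
                       for r in reviews)
        if not approved:
            status = "UNAPPROVED_USE"      # no documented approval covers this use
        elif reviewed:
            status = "APPROVED_REVIEWED"
        elif now - used > REVIEW_DEADLINE:
            status = "REVIEW_OVERDUE"      # mandatory post-use review was missed
        else:
            status = "REVIEW_PENDING"
        findings.append({**ev, "status": status})
    return findings

if __name__ == "__main__":
    for finding in audit_break_glass(SIGN_INS, APPROVALS, REVIEWS, datetime(2024, 5, 5)):
        print(finding)
```

Because break glass use should be rare, even the `APPROVED_REVIEWED` findings are worth surfacing to an analyst rather than suppressing.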
Break Glass Account vs. Normal Admin Account
A normal admin account supports routine operations. A break glass account is reserved for exceptional contingency use when ordinary paths fail or cannot be trusted.
Frequently Asked Questions
Why do break glass accounts exist?
Because rare situations can lock administrators out of critical systems, and a controlled fallback may be necessary to restore operations safely.
Are break glass accounts risky?
Yes. Their high privilege makes them valuable targets, so they need strong governance and minimal use.