| Some scenarios I have seen: - You have a social media account that a group of people should be able to access. (Facebook does this "right," in that pages don't have their own login credentials, and you go through your personal Facebook account to access the page. But I kind of wouldn't want to use my personal Facebook account for work, anyway. Twitter, Instagram, Reddit, etc. treat each account as its own log-in-able entity.) - You have an AWS account where you want to avoid a single point of failure for the root credentials. Yes, each person should use their own IAM creds for day-to-day use, but if person X is unavailable person Y should be able to get to things. (And for casual projects, "learn about IAM" is a significant burden over "learn how to upload pages to S3" for limited benefit.) - You have a web hosting account from someone who's not AWS who gives you a single username and password. Or a DNS registrar account (most registrars I've seen don't let you split up access). Or whatever. - You have a shared email account for replying to things as a team, or even for just archiving emails. Again, some systems do this "right" - if you're using Exchange, you can allow one user to access another user's inbox. But most people aren't on Exchange, they're on something like Gmail. - You have an account for some service where you shouldn't be sharing passwords according to the service, but doing so is strictly in the service provider's benefit, not yours. Netflix is the canonical example. |