Account naming policy

This is a description of a policy adhering to common, well-tested way of setting up new user accounts within any company. This policy aims to prevent problems, give clarity, and remove discussion on personal preferences.

Generic addresses

These are for both external and internal use, to signify an expected department. For example:

  • press@ for press that wish to reach the company, as well as for the company to reach out and communicate with external press
  • divecenter@ for guests that communicate with the company on anything diving related
  • it@ mainly internal use, for anything related to IT such as problems, requests, etc.

What happens when the communication changes? I.e. a press contact becomes an investor? That is to be decided case by case.

Personal addresses

These are accounts which are much more than just email, even though an email address is the main name to identify it. They are mainly a method of authentication, so the IT system knows who logged in, and give access to all services they should have access to, while keeping out those who should not.

  1. Give each person their own address, for communication inside the company.
  2. If the person has an external responsibility, i.e. communicating with the press, they receive full access to that related address, such as press@ which they must use for these communications.
  3. Recommended naming scheme is firstname.lastname@
    • Deviation is fine, but may cause conflicts or confusion later on (such as duplicate first names)
  4. If a person leaves and someone else takes their place:
    1. The person receives a new personal address
    2. E-mail from the previous persons address is forwarded to this new address
    3. Internal (company) senders receive a warning that the old address is archived and they should contact the new person instead
    4. The previous person’s email is either archived (and deleted after a set period) or deleted

Problems solved

One of the main problem this solves is password sharing, as access to common sources such as generic addresses is assigned to a person. This access can easily be added to a person, and can also be revoked just as easy, without having to change passwords.

Another problem solved is this allows increasing security, as this allows the use of multi-factor authentication, which needs a personal device.