Best practices: accounts, permissions and alternative credentials