Describe the characteristics of service accounts and best practices for their management.

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

Describe the characteristics of service accounts and best practices for their management.

Explanation:
Service accounts are identities used by applications rather than people. They are typically non-interactive, meaning they aren’t intended for human login, and they can be long-lived to support ongoing service operation. They should be managed separately from human user accounts so policies and monitoring can be tailored to machine credentials rather than people.

Best practices include rotating their credentials regularly to limit the window of exposure, monitoring their usage to detect unusual or unauthorized activity, applying least privilege so the application only has access it truly needs, and disabling the account when it’s no longer in use to avoid forgotten, dormant credentials. In practice, automate credential rotation, use dedicated secret management, and favor short-lived tokens when possible.

Other descriptions don’t fit because a service account isn’t a regular employee account, shouldn’t have admin rights by default, and should still undergo credential rotation to maintain security.
