Which practice best describes management of service accounts?

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

Which practice best describes management of service accounts?

Explanation:
Service accounts are non-human identities used by applications or automation. The best practice is to keep them non-interactive, assign only the permissions they need (least privilege), rotate their credentials regularly, and enable auditing to track usage. This setup minimizes risk because compromised credentials won’t allow interactive login, and access is tightly constrained. Regular rotation limits the window of exposure, while auditing provides visibility to detect unusual activity and enforce accountability. Using personal user credentials for automation ties automation to an individual's access, makes rotation and auditing messy, and weakens governance. Keeping passwords static creates long-lived credentials that are easier to compromise. Granting admin rights to service accounts gives too much power and expands potential damage if the account is misused. A safer approach is to use dedicated service accounts or managed identities and store credentials in a secrets manager with automated rotation and strict access controls.

