When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources.
Individual authentication prior to shared group authentication mitigates the risk of using group accounts or authenticators.