1. A best-practices principle that states that users have only the minimum access they need, and no more. Example: System administrators typically have multiple accounts with different rights. For example, when I'm logged in as a normal user, I do not have rights to administrator my own machine. I must login as a separate account in order to administer the system, then log out as soon as I'm done. Most UNIX systems will use the hash/pound sign # at the command prompt in order to hint to the user that they have root access and should be careful. Key point: One of the leading causes of security breaches is authorization creep: as users change roles, they often get new privileges, but old privileges are rarely taken away. From Hacking-Lexicon