Executive Summary
Credential sharing—when multiple people use the same PyjamaHR login—is one of the most common causes of account lockouts, security flags, and workflow disruptions for PyjamaHR customers. This article explains why credential sharing is not allowed, how PyjamaHR detects and responds to it, and provides actionable best practices to ensure your team stays secure, compliant, and productive.
Detailed Overview
What Is Credential Sharing and Why Does It Matter?
Credential sharing occurs when more than one person uses the same PyjamaHR username and password to access the platform. PyjamaHR’s SOC-2 compliant security system is specifically designed to prevent this for several reasons:
Security: Shared credentials increase the risk of unauthorized access, data breaches, and account hijacking.
Compliance: SOC-2 and other data privacy standards require strict user-level access controls.
Auditability: Individual user actions must be traceable for accountability and troubleshooting.
System Integrity: Simultaneous logins from different locations/devices can trigger anti-hijacking protocols, resulting in account freezes.
PyjamaHR’s Policy:
Each user credential is for one person only. Sharing credentials is not permitted and will result in account flags, temporary suspensions, or even permanent restrictions.
How PyjamaHR Detects Credential Sharing
Multiple Logins: The system tracks logins from different devices, browsers, and locations.
Simultaneous Sessions: If the same account is accessed from two places at once, it is flagged.
Geographic Discrepancies: Logins from distant locations (e.g., US and India within minutes) trigger alerts.
Repeated Offenses: Accounts repeatedly flagged for sharing may be permanently restricted.
What Happens When You Share Credentials?
- Account is automatically frozen for investigation.
- All users are locked out until support intervenes.
- You may be required to verify your identity and explain the activity.
- Repeated violations can result in permanent loss of access.
Step-by-Step Guide: How to Avoid Credential Sharing in PyjamaHR
1. Always Use Individual User Accounts
Add Team Members Properly:
Go to Settings > Team Members.
Click Invite Team Member.
Enter their work email and assign the appropriate access level (Super Admin, Hiring Manager, Recruiter, Interviewer, etc.).
Each team member receives their own invite and sets their own password.
Never Share Your Login:
Do not give your email/password to anyone else, even temporarily.
If someone needs access, invite them as a user.
2. Understand User Access Types and Billing
Billable vs. Non-Billable Users:
Only billable users (Super Admin, Hiring Manager, Recruiter) can manage jobs and candidates.
Interviewers and External Recruiters are non-billable and can be added for free.
Adjust User Count as Needed:
Remove users who have left the organization.
Downgrade access for users who no longer need full permissions.
3. Login Best Practices
One Device at a Time:
Avoid logging in on multiple devices simultaneously (e.g., office laptop and home PC at the same time).
If you switch devices (e.g., travel between office and home), log out from the previous device first.
Traveling or Remote Work:
If you travel or work from multiple locations, inform your admin/support if you get flagged.
Avoid using VPNs with dynamic IPs that frequently change locations.
Password Security:
Change your password if you suspect it has been shared or compromised.
Use strong, unique passwords for your PyjamaHR account.
4. What to Do If You Need Temporary Access for Others
Never Share Credentials:
Even for short-term needs, always invite the person as a user.
Remove or downgrade their access when no longer needed.
Temporary Role Changes:
If someone needs Super Admin access temporarily, add them as a Super Admin, then revert their role after the task is complete.
Advanced Usage & Best Practices
Power User Tips
Onboarding New Team Members:
Use the invite system to onboard new hires, contractors, or external recruiters.
Assign the minimum necessary access level.
Managing Departures:
Immediately remove access for users who leave the company to prevent unauthorized logins.
Audit User Activity:
Regularly review the Team Members list and login history for unusual activity.
Integrations:
For integrations (e.g., Outlook, Gmail), ensure each user connects their own account.
Do’s and Don’ts
Do:
- Use the built-in user management tools.
- Assign unique credentials to every user.
- Contact support if you’re flagged for suspicious activity and are not sharing credentials.
Don’t:
- Share your login, even with trusted colleagues or assistants.
- Use generic/shared email addresses for multiple people.
- Ignore repeated account flags—address the root cause.
Troubleshooting & Common Issues
Common Error Messages & What to Do
“Suspicious activity detected. Your account has been flagged for suspicious activity. For security reasons, access has been temporarily suspended.”
- Cause: Multiple logins from different devices/locations, or credential sharing.
- Solution:
- Contact support and explain your situation.
- Change your password.
- Ensure only you are using your credentials.
- Invite others as users if needed.
“Account frozen while our team investigates.”
- Cause: System detected possible account sharing or hacking.
- Solution:
- Respond to support’s request for information.
- Do not attempt to bypass the lockout by creating new accounts.
“Multiple logins detected from different locations.”
- Cause: Simultaneous logins or rapid location changes (e.g., VPN).
- Solution:
- Log out from all devices.
- Use only one device at a time.
- Avoid using VPNs with dynamic IPs.
What If Scenarios
What if I need to work from two locations (e.g., home and office)?
Log out from one device before logging in on another.
If flagged, explain your situation to support.
What if my account is flagged but I haven’t shared credentials?
Check if you’re logged in on multiple devices or browsers.
If not, contact support for investigation.
What if my team needs access while I’m on leave?
Add them as users with appropriate access.
Remove or downgrade their access when you return.
What if my account is repeatedly flagged?
Review all devices and locations you use.
Change your password.
Ensure no one else has access.
Comprehensive FAQ
1. Can I share my PyjamaHR login with my assistant or team?
No. Each user must have their own login. Sharing credentials is not permitted and will result in account lockouts.
2. What happens if I share my credentials?
Your account will be flagged, frozen, and may be permanently restricted after repeated offenses.
3. Can I log in from multiple devices?
You can, but not simultaneously. Always log out from one device before logging in on another.
4. Why was my account flagged for suspicious activity?
This usually means the system detected multiple logins from different devices, locations, or browsers.
5. How do I add a new team member?
Go to Settings > Team Members > Invite Team Member. Enter their email and assign access.
6. What if I need to temporarily give someone access?
Invite them as a user and remove/downgrade their access when done.
7. Can I use a generic/shared email for multiple people?
No. Each user must have a unique email and login.
8. What if I travel or work remotely?
You can use PyjamaHR from different locations, but avoid simultaneous logins and inform support if flagged.
9. What should I do if my account is locked?
Contact support, explain your situation, and follow their instructions.
10. How do I remove a user who has left the company?
Go to Settings > Team Members, find the user, and remove them.
11. Can I see who is logged in or has access?
Yes, review the Team Members list in Settings.
12. What if my account was hacked?
Change your password immediately and contact support.
Related Features & Next Steps
User Access Management:
Security & Compliance:
SOC-2 compliance details (contact support for documentation)
Password reset procedures
Account Recovery:
Billing & User Management:
Recommended Next Steps:
- Audit your current user list and remove any unnecessary users.
- Educate your team on credential sharing risks and policies.
- Set up a process for onboarding/offboarding users.
- Contact support if you have unique workflow needs or encounter repeated flags.
Summary Table: Do’s and Don’ts
Do | Don’t |
Invite each user individually | Share your login with anyone |
Remove users who leave | Use generic/shared emails |
Log out before switching devices | Stay logged in on multiple devices simultaneously |
Contact support if flagged | Ignore repeated account flags |
Use strong, unique passwords | Use the same password for multiple users |
Still Need Help?
If you have followed all best practices and are still experiencing issues, please contact PyjamaHR Support with the following information:
- Your registered email address
- Description of the issue
- Any error messages received
- Recent changes to your team or devices
We’re here to help you keep your account secure, compliant, and running smoothly!
Related Articles:
- Understanding Access Types
- Inviting Team Members
- How to Reset Your Password
Last updated: March 2025
Applies to: All PyjamaHR plans (Premium, Agency, Individual)
Contact: [email protected]
Screenshots to Include:
- Team Members invitation screen
- User access level selection
- Account flagged error message
- Settings > Team Members list
- Password reset screen
By following these best practices, you’ll avoid the most common causes of account lockouts, keep your data secure, and ensure a smooth hiring workflow for your entire team.