Principle of Least Privilege

The principle of least privilege (PoLP) holds that any user, account, process, or device should have only the minimum access required to perform its function, and no more. NIST defines it as the security objective of granting users only the access they need to do their work. The reasoning is simple: access you never granted cannot be abused, and a credential that can do little is worth little when it leaks.

Why it limits damage

Least privilege is fundamentally about containing the blast radius of a compromise. If a process can only read one file, malware riding that process cannot rewrite your whole system. If an account cannot move funds, a phished password cannot drain them. Most damaging breaches are not the initial foothold but the lateral movement and privilege escalation that follow, and tight privileges starve that escalation of room to grow.

In a sovereign stack

Apply it everywhere: run daily computing under a non-administrator account, give each app only the permissions it genuinely needs, keep watch-only wallets on your phone so a stolen device exposes balances but not spending authority, and isolate the keys that can actually move coins behind a signing device that does nothing else. The same logic governs API keys for exchanges or mining pools, which should be scoped to read-only whenever spending or withdrawal rights are not strictly required.

Least privilege is the access-control half of zero trust architecture and reinforces a layered defense in depth posture by ensuring that breaching one layer yields as little as possible.