What to do with default users in production envs?

Hi and happy new year,
What is the best practices about dealing with default system users in a production environment. Specially staff@example.com which has staff permissions. I use them some times so I prefer to not remove them. Is this enough to uncheck their is_active field? or maybe it’s better to rename them to something else? any other idea?
Thank you

May be reset the password inside the code base.

1 Like

Changing their active status isn’t enough, as it’s possible for a user to reactivate their own account.

I’d go for changing its email address to something else and resetting its password, that way the account can’t log in or request password resets (or anything else that could be potentially abused).