Yes, I agree. I realize this isn't feasible everywhere, but having access tied to a user account (and then auditing and limiting that access) can serve as a replacement. E.g., want to select a single row? Fine, but if they're dumping the db something is phishey.
Ironically, user accounts are in one sense more secure (than a system account with a shared password) because they can use 2fa (and there's no inherent need to distribute the password).
Ironically, user accounts are in one sense more secure (than a system account with a shared password) because they can use 2fa (and there's no inherent need to distribute the password).