The following is the balance of my question/xomments
Is the problem in user training, secruity systems/operating environment or in system/security management?
3rd – The most control I have enjoyed has been in environments which used a mid-range or mini computer (IBM A/S400 and/or WANG VS/Lightspeed) as opposed to a standard server because the security features inherent in the operating system and extended by specialized software enabled the use of highly selective user profiles.
This eliminated the multiple password problem as the user only had one password to remember – the system controlled the actual access which in some instances was on a data element by data element basis.
4th – Active system security management. In installations which I have managed, when a desktop or workstation was found logged on and the user not present – well, the user had to obtain a new password. Yes, passwords were not chosen by the user, but were issued by security. I had a little program which, when an off