Require a second factor of authentication that is of a "something you have" variety (smartcard, OTP etc.)?
Cheers Ken From: David Lum [mailto:david....@nwea.org] Sent: Tuesday, 5 June 2012 12:23 AM To: NT System Admin Issues Subject: How to prevent a controlled password from being handed out.. In our case it was the administrative PGP encryption password that would let you log in to any encrypted system. Our Service Desk would occasionally hand it out to users instead of going through an extended rigmarole to get in themselves: Make it something embarrassing to say! I did this a few months ago and it has worked wonders...I am certain they haven't handed it out to anyone, but :) David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin