Watch this video on YouTube
What would be the MOST effective method for an information security manager to ensure that all access to a critical device, initially delivered with a single user and password meant to be shared among multiple users, is appropriately authorized?