This page is to develop the problem statements and material to frame research on user management.
Security
Passwords
no complexity rules or regular changes (against good practice)
no self-reset of password (adds admin burden)
Multi-factor authentication (now the norm and best practice)
Pass-through authentication for staff should be investigated (access is simpler)
User roles
Need to be reviewed and if necessary amended.
Monitoring
Monitoring access by users (to ID suspicious activity)
...