Technology Nightmare: How to Protect Your Network from the Threat of Rogue IT Employees
An IT admin for the City of San Francisco holding the network hostage is just the latest high-profile example of the security risk posed by insiders. Learn what steps you can take so it won't happen to your company.
The key to making this effective is granularity. For access to some critical functions—like changing administrative privileges—the granularity should be very fine indeed. Since relatively few people in the organization have or need such access to those critical functions, this is much easier to manage.
"For an organization of any size, say the government of a city of a million people, you really need to get serious about how you manage privileges," Laird says.
Laird points out that in the military, NASA and other organizations, critical actions require more than one person to act. The classic example is launching a nuclear missile, where at least two officers have keys to the firing console and both must use them simultaneously. Requiring more than one person to perform a potentially damaging action means that abuse will probably require collusion between two or more people, which lessens the likelihood of a problem.
Much of what happened in San Francisco falls under the heading of identity management and access control. There are a number of companies with good IM/AC packages out there, but generally there is more focus on identity management (setting and protecting passwords) than access control (deciding what those passwords let you get to). Certainly an action like creating a super password should require more than the appropriate privilege level.
But much more significantly, all the software in the world can't substitute for awareness of the issue and a willingness to take steps to prevent it.
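One way to enforce the two-person rule Laird describes for an action like creating a super password is shown here. This is an added example, not code from the article or from any IM/AC product; the class, method and event names are hypothetical.

```python
# Hypothetical names throughout; an illustrative gate, not a real product's API.
import itertools

class DualControlError(Exception):
    """Raised when a critical action fails the two-person check."""

class DualControlGate:
    """Two-person rule: a critical action runs only after a second,
    different administrator approves the requester's request."""

    def __init__(self, admins):
        self.admins = set(admins)   # accounts allowed to request or approve
        self.pending = {}           # request id -> request record
        self.audit = []             # trail of every decision, for review
        self._ids = itertools.count(1)

    def _log(self, event, req_id, actor):
        self.audit.append((event, req_id, actor))

    def _deny(self, reason, req_id, actor):
        self._log("denied: " + reason, req_id, actor)
        raise DualControlError(reason)

    def request(self, requester, action):
        if requester not in self.admins:
            self._deny("requester lacks the privilege", None, requester)
        req_id = next(self._ids)
        self.pending[req_id] = {"requester": requester, "action": action,
                                "approver": None}
        self._log("requested: " + action, req_id, requester)
        return req_id

    def approve(self, req_id, approver):
        req = self.pending.get(req_id)
        if req is None or approver not in self.admins:
            self._deny("unknown request or unprivileged approver", req_id, approver)
        if approver == req["requester"]:
            self._deny("requester cannot approve own request", req_id, approver)
        req["approver"] = approver
        self._log("approved", req_id, approver)

    def execute(self, req_id, perform):
        req = self.pending.pop(req_id, None)   # consumed on any attempt: no replay
        if req is None:
            self._deny("unknown or already used request", req_id, None)
        if req["approver"] is None:
            self._deny("no second administrator approved", req_id, req["requester"])
        self._log("executed", req_id, req["requester"])
        return perform(req["action"])
```

Holding the right privilege level is necessary but not sufficient here: a lone administrator is denied at `approve` or `execute`, and each denial lands in the audit trail.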
Rick Cook has written thousands of articles and several books on computers and management. He is also the author of several fantasy novels full of bad computer jokes.