>> What more can someone do beyond basic passwords to keep unwanted users
I would add to the list of security practices to train the users of the
system how to recognize and resist "social hacking". This may be an
even more risky area of computer security than any of the software
solutions we programmers can implement.
or books by Kevin Mitnick