Stefan just became the new security officer for a university. He is concerned that student workers who work late on campus could try to log in with faculty credentials. Which of the following would be most effective in preventing this?

Restricting each faculty account so that it is only usable when that particular faculty member is typically on campus will prevent someone from logging in with that account after hours, even if they have the password. Usage auditing may detect misuse of accounts but will not prevent it. Longer passwords are effective security, but a longer password can still be stolen. Credential management is always a good idea, but it won’t address this specific issue.