Logon processes have been used as security mechanisms to restrict access to a resource. In operation, a logon process collects identification and authentication information from an entity desiring access. Typically, the identification information takes the form of a username, and the authentication information takes the form of a password. If the username and password combination is recognized, the entity is provided access to the resource.
In some situations, it is desired to provide access to entities even if they cannot provide a valid username and password. For example, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 can be interpreted as requiring a logon process that prevents unauthorized entities from gaining access to a computer-based medical information system but does not prevent a health care provider from obtaining necessary information from the system during a crisis. For example, in an emergency when no administrators are available for help, a physician or other health care provider must be able to logon to a medical information system even if he has not been assigned or cannot remember a valid username and password. One approach to satisfying this conflicting requirement is to establish a reserved but not widely-known username and password combination, such as a username “emergency” that requires the password “emergency,” that will provide access to an entity in an emergency. There are several shortcomings to this approach. First, an entity may not be able to remember the reserved username and password combination in a time of emergency. Additionally, a reserved username and password such as “emergency” “emergency” does not provide an administrator with the identity of the entity who invoked the emergency logon.