A friend of mine told me recently about his adventures using TightVNC. When you install TightVNC it asks for two passwords.
Hmm. Wonder what that’s about.
Now its time to log in.
Surprise! The behavior of the software depends on what password you used to log in. Permissions are not tied to the user but to the password. If I’m John who came in with password Snoopy, I have one set of permissions, but if I’m John who came in with password Linus, I get another set of permissions.
I suppose this makes sense in isolation, but it’s completely contrary to convention. Yes, it could make sense for one person to have two sets of permissions. But this is nearly always done by having two accounts, not two passwords for the same account. Convention is to associate privilege with a user, not with how the user logged in. I see how it could be convenient to have two sets of privilege associated with one account, but there’s no indication in the log in dialog that it matters what password you enter. A better solution would be to have someone log in with one password, but if they have multiple privilege options, show radio buttons and ask which set of privileges they want to exercise.