Page 1059 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Use last logon notification. Many systems display a message
including the time, date, and location (such as the computer name or
IP address) of the last successful logon. If users pay attention to this
message, they might notice that someone else has logged on to their account.
For example, if a user last logged on to an account on Friday, but the last
logon notification indicates that someone accessed the account on
Saturday, that indicates a problem. The message is only useful if it is
shown every time, before the user can dismiss it, and if it reports the
previous logon rather than the current one. Some systems also display the
number of failed logon attempts since the last successful logon, which can
reveal password guessing against the account. Users who suspect someone
else is logging on to their accounts can change their passwords or report
the issue to a system administrator. If it occurs with an organizational
account, users should report it following the organization's security
incident reporting procedures.
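The following is an added example, not text or code from the study guide. It builds the last-logon notice described above from a set of constructed audit records, and then automates the comparison the text leaves to the user: it flags a successful logon from a host the user has never used before, or on a weekend (the Saturday case). The record format (ISO timestamp, user, source host, result) and the sample records are assumptions made for illustration, not any particular system's audit format.

```python
"""Last-logon notification, plus an automated version of the check that the
text asks users to perform by eye.

Added example, not code from the study guide. The log lines below are
constructed for illustration; the format (ISO timestamp, user, source host,
result) is an assumption, not any real system's audit format.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records: timestamp, user, source host, result.
# 2024-03-08 is a Friday, 2024-03-09 a Saturday, 2024-03-11 a Monday.
SAMPLE_LOG = """\
2024-03-08T09:02:11 alice ws-alice SUCCESS
2024-03-08T17:40:05 alice ws-alice SUCCESS
2024-03-09T02:13:47 alice 203.0.113.42 SUCCESS
2024-03-11T08:55:30 alice ws-alice SUCCESS
2024-03-11T09:10:02 bob ws-bob FAILURE
2024-03-11T09:10:20 bob ws-bob SUCCESS
"""


def parse_log(text):
    """Parse the constructed format into (datetime, user, host, ok) tuples,
    sorted by time so that 'previous logon' is well defined."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = line.split()
        records.append((datetime.fromisoformat(ts), user, host, result == "SUCCESS"))
    return sorted(records, key=lambda r: r[0])


def last_logon_notices(records):
    """For every successful logon, build the message a system would display:
    the time, date and location of that user's previous successful logon
    (failed attempts never update it). Returns (user, logon_time, notice)."""
    previous = {}  # user -> (time, host) of the last successful logon so far
    notices = []
    for when, user, host, ok in records:
        if not ok:
            continue
        prev = previous.get(user)
        if prev is None:
            notice = "No previous logon recorded."
        else:
            notice = f"Last logon: {prev[0]:%A %Y-%m-%d %H:%M} from {prev[1]}"
        notices.append((user, when, notice))
        previous[user] = (when, host)
    return notices


def suspicious_logons(records, weekend_is_unusual=True):
    """Automate the comparison the user is expected to make from the notice:
    flag a successful logon from a host the user has never used before, or on
    a weekend when that is unusual for the organisation. Returns
    (user, logon_time, reasons) for each flagged logon."""
    seen_hosts = defaultdict(set)
    flagged = []
    for when, user, host, ok in records:
        if not ok:
            continue
        reasons = []
        if seen_hosts[user] and host not in seen_hosts[user]:
            reasons.append(f"new location {host}")
        if weekend_is_unusual and when.weekday() >= 5:
            reasons.append(f"logon on {when:%A}")
        if reasons:
            flagged.append((user, when, "; ".join(reasons)))
        seen_hosts[user].add(host)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, when, notice in last_logon_notices(recs):
        print(f"{when:%Y-%m-%d %H:%M} {user}: {notice}")
    for user, when, why in suspicious_logons(recs):
        print(f"REVIEW {user} {when:%Y-%m-%d %H:%M}: {why}")
```

On alice's Monday logon the notice reports the Saturday logon from 203.0.113.42, which is exactly what the user is expected to spot; the automated check flags that Saturday logon on both counts (new host and weekend) without relying on the user's memory. The "first host seen is trusted" rule is a deliberate simplification: a real deployment would seed the known-host set from an allow-list or a longer baseline.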
Educate users about security. Properly trained users have a better
understanding of security and of the benefit of using stronger passwords.
Inform users that they should never share or write down their
passwords. Administrators might write down long, complex passwords
for the most sensitive accounts, such as administrator or root
accounts, and store these passwords in a vault or safety deposit box.
Offer users tips on how to create strong passwords, such as using
passphrases, and on how to prevent shoulder surfing. Also, let users
know the dangers of using the same password for all online accounts,
such as banking accounts and gaming accounts. When users reuse the
same password across these accounts, a successful attack on a gaming
system can give attackers access to the user's bank accounts. Users
should also know about common social-engineering tactics.

