The security policy should define who access to what (departments. chairs, dean office, registration office, human resources, students, TAs etc). Your answer may vary depending on the logical explanation that you provide. Design an authentication mechanism that is immune to over the shoulder attacks. You must demonstrate the robustness of your design through implementation. While there are several works in this area, you need to outline how your design is different and what are the improvements.