A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account. Access is granted upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account. The method includes granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.