Requires technicians to submit a justification (or valid ticket ref) the first time they access a specific login entry's password (per day/per X hrs since last accessed). There wouldn't be any sort of approval process, but the time, entry details and justification would be recorded in an audit log so satisfy security framework requirements. I was thinking this could be configurable per login entry.