Logically, it'd hafta execute before the dashboard (or maybe integrate it into the dash so that the first thing that's done is enter the password). Another thing to consider is clear text storage or encrypted storage of the password, what file it'd be stored in, and if using encryption what type (MD5, RSA, etc.).