Deprecate informal "Access Keys" in favor of hashed user-level passwords with corresponding management tools.
Every user should be able to change her own Access key, so that no body known there Access key. The Gamemaster must send there Access key to the users and after that the user must change the Access key so that nobody that is reading that message can enter into the users account.
A new button unter 'Game Settings' with the name 'Configure Player' with the same icon as the 'Configure Players' Button from the Gamemaster. Than the User Management dialog should be opening only with this user and where he can only change his own password.
It don't has the highest priority, but every service has a method that the user can change there password.