An apparatus for use as a single sign on entity (100) for controlling access to one or more devices (104a-d) in a computer network, the devices accessible with a device access password; the apparatus comprises a password generator configured to generate current and future device access passwords, a back-up controller configured to store a back-up comprising the current and future device access passwords at the time of the back-up in a memory, a password changer configured to change the current device password to one of the future device access passwords and to control a transmitter to transmit data implementing the change to the device, wherein the back-up controller is configured to restore the device access password from the backed-up future device access passwords, losing the current device access password.