maybe you should encrypt your password field at the very least?
your questions and answers should not be in the user table but in a related table
your switchboard form does not allow for user not being logged in. Perhaps a pain for a developer, but can a user open that form withou logging in? Probably should allow for the potential for null in the form load event anyway.
Simply either DLookup the user level (your UserSecurity field) or create a single record rs with all the details you might need for validation (password, level, questions, etc.) and hide whatever button based on the level. You didn't say which button.
Forget declaring variables for things like message box parameters - unless maybe there could be several variations for each. If the msgbox will be the same regardless, just provid them in the call. The exception I might make is for the message string, but likely not for button choices, warning levels and the like.
EDIT
I am trying to make my Login form option explicit
Option Explicit has a very specific meaning in Access. I would not use that to describe what you want to do as it's somewhat misleading. At first I thought "that has nothing to do with a form" then I guessed you might be referring to options regarding showing controls or not.
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.