This study proposed a multilevel authentication security scheme for controlling access to private and sensitive information against unauthorised users. The scheme is composed of face recognition at the first level and username/password authentication, at the other level. The face recognition was modelled using principal component analysis, while the username and password employed VB.Net password tool. One hundred users were enrolled and their faces captured using a webcam; they were afterward used to access the performance of the proposed system. The results showed that access could only be granted by successful validation of the combined authentication levels. However, it was observed that the face recognition accuracy of the scheme could be impeded by the wrong positioning of the capturing device. Nevertheless, experiment showed that the scheme could provide a stronger protection of sensitive information than the single security level authentication scheme.