Page Comparison

Actually, thanks to Brent Downey and his great tip in this article - Best Practices for Managing Salesforce Users - Admin Hero - Deactivate all users that won't be using the Sandbox (Hint: if you are a developer, add it to your Class that gets run on creation of the Sandbox). And remember to deactivate a user from ALL the sandboxes if they leave the org. Now, regular users may not be able to log into your Sandbox if you have not changed the email address of the user because they won't get the validation message. But, I'm not sure how that works if you have assigned IP ranges or you have text message validation turned on - so just double check all that and make sure you know who has access to all your orgs.

Now, having thought that through a bit, you as the System Administrator may not actually have access to every Sandbox that has been created ("Manage Sandbox" is the permission level). If another user has created one, AND they haven't changed your email address, then you will not be able to log into it. This is NOT cool! (again, add it to your class, and make it a company policy that any Sandbox must have these people activated on it). Of course you can just refresh the sandbox, but that might not win you friends .