You could encapsulate the "restricted" interface in another type, and only allow that type to be created with valid credentials. Something like
class Account {
public:
struct Accessor {
Accessor(Account & a, string acct, string pin) : account(&a) {
if (acct != a.privAcct || pin != a.privPin) {
throw BadCredentials();
}
}
void changePin() {account->changePin();}
// and other functions
Account * account;
};
private:
string privAcct, privPin;
// Only accessible through an Accessor
void changePin();
// and other functions
};
Usage:
Accessor(account, acct, pin).changePin();
Or, if the entire interface is restricted, you might simply put the validation in the constructor of Account
itself.