The regulation defines 2 scenarios: a 'continuous period of controlled access and individual signings. During a period of continuous controlled access, the user signs on once with full credentials (typically username and password) and then for each signature, supplies the component only usable by the individual (i.e., the password). So in your case, to be fully compliant with e-signature requirements, you would need to prompt for the password for each item signed. And yes, this is built into the software (don't see how that could be done otherwise).
Note that there are considerations for the continuous controlled access; e.g., timeouts after some period of inactivity.
I believe the FDA is still using enforcement discretion. Given that training records aren't required by regulation to be signed and the relative low risk, it *may* never come up in an inspection. I wouldn't just ignore it, though. I'd at least document an assessment of the impact of non-compliance and have that available should it ever come up. That would at least show you considered it and made a rational decision.