Multi-factor authentication which resides on the same device, e.g. the mobile banking app authenticating with an SMS to the same phone it is running on.
Overly complex password policies which lead to people writing passwords down in unsafe places.
Password expiration.
RBAC with poorly chosen defaults which leads to everyone having admin access.
Not running security drills: when people always follow the happy path they never practice the procedures for e.g. getting back access after losing their phone.
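The RBAC point above is easiest to see in code. The following is an added example, not part of the original list: a minimal role check in which a permissive fallback role turns every unassigned account into an admin, placed beside the default-deny form. All role names, permissions and users are constructed for illustration.

```python
"""
Added example (not from the original list): a minimal RBAC policy check
showing how a permissive default role makes everyone an admin, and the
default-deny alternative. Roles, permissions and users are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed policy: each role maps to an explicit set of permissions.
ROLE_PERMISSIONS = {
    "viewer": {"tickets:read"},
    "agent": {"tickets:read", "tickets:update"},
    "admin": {"tickets:read", "tickets:update", "tickets:delete", "users:manage"},
}


@dataclass
class Policy:
    # Role given to any user without an explicit assignment; None means "no role".
    default_role: Optional[str]
    assignments: Dict[str, str] = field(default_factory=dict)

    def role_for(self, user: str) -> Optional[str]:
        return self.assignments.get(user, self.default_role)

    def is_allowed(self, user: str, permission: str) -> bool:
        role = self.role_for(user)
        if role is None:
            return False  # default deny: an unknown user gets nothing
        return permission in ROLE_PERMISSIONS.get(role, set())


# The poorly chosen default: a user who was never assigned a role falls back
# to admin, so creating one new account silently grants users:manage.
PERMISSIVE = Policy(default_role="admin", assignments={"alice": "agent"})

# Least-privilege alternative: no implicit role, access must be granted explicitly.
DEFAULT_DENY = Policy(default_role=None,
                      assignments={"alice": "agent", "bob": "admin"})


def audit_over_privileged(policy: Policy, users: List[str]) -> List[str]:
    """Return users who can manage accounts without an explicit admin assignment.

    This is the check an administrator would run to find accounts that became
    admin only through the fallback rather than through a deliberate grant.
    """
    return sorted(
        u for u in users
        if policy.is_allowed(u, "users:manage")
        and policy.assignments.get(u) != "admin"
    )


if __name__ == "__main__":
    users = ["alice", "bob", "carol"]
    print("permissive policy, implicit admins:", audit_over_privileged(PERMISSIVE, users))
    print("default-deny policy, implicit admins:", audit_over_privileged(DEFAULT_DENY, users))
```

With the permissive policy, `bob` and `carol` (never assigned a role) can manage users; with the default-deny policy, the same accounts get nothing until someone grants them a role, and `alice` keeps only what `agent` allows.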