For this one, the sin pattern is really easy to spot. Is a program using traditional or handmade password systems without using some other authentication technique to provide defense in depth? If so, that program is living in sin. It's generally considered an acceptable sin, but you need to go out of your way to make sure that the risks are recognized.
Even if there is multifactor authentication, there can still be some risks anytime you're using a password system, such as account lock-out due to failed login attempts. So really, the pattern is having a password system at all!