I just noted that the sad story about the investment trader gone bad has been distilled down to a case of weak password/user controls:
Societe Generale might have been able to prevent a year-long binge of fraudulent transactions by one of its mid-level traders – which the French banking giant confirmed this week has cost it more than $7 billion in losses – simply by instituting stricter password controls and applying available software that tracks transactions to individual workstations, analysts told SCMagazineUS.com today.
They do not mention clear-text passwords as one of the gaps, but I bet stronger passwords would have only helped a little. The article suggests that administrators should not have access to users' passwords, but few systems are actually designed to prevent that. Two-factor authentication would definitely have been better, but it still raises a few simple control questions.
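The control the analysts describe, tying each transaction to the workstation it was booked from, is only useful if someone actually correlates those records with who was logged in where. The following is an added example, not code from the original post or from SCMagazine, of two such checks run over constructed authentication and trade logs. The account names, workstation IDs, trade IDs, timestamps and the ten-minute window are all made-up sample values.

```python
"""Correlate trade records with workstation logins to flag shared-credential use.

Added example (not from the original post). It assumes two constructed log
streams: an authentication log (which account logged in at which workstation)
and a trading log (which account booked which trade from which workstation).
All accounts, workstations, trade IDs and timestamps below are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication events: (account, workstation, login time).
AUTH_LOG = [
    ("trader_a", "WS-101", "2008-01-14T08:02:00"),
    ("trader_b", "WS-102", "2008-01-14T08:05:00"),
    ("trader_a", "WS-207", "2008-01-14T08:20:00"),  # same account, a second desk
]

# Constructed trade records: (trade id, booking account, originating workstation, time).
TRADE_LOG = [
    ("T-0001", "trader_a", "WS-101", "2008-01-14T09:00:00"),
    ("T-0002", "trader_a", "WS-207", "2008-01-14T09:03:00"),  # two desks, three minutes apart
    ("T-0003", "trader_b", "WS-102", "2008-01-14T09:10:00"),
    ("T-0004", "trader_b", "WS-305", "2008-01-14T10:30:00"),  # trader_b never logged in on WS-305
]

# Assumed threshold: two desks within this window cannot be one person.
WINDOW = timedelta(minutes=10)


def parse(ts):
    """ISO-8601 timestamp string -> datetime."""
    return datetime.fromisoformat(ts)


def logins_by_account(auth_log):
    """Map account -> set of workstations that account logged in to."""
    sessions = defaultdict(set)
    for account, ws, _ in auth_log:
        sessions[account].add(ws)
    return sessions


def trades_without_login(trade_log, auth_log):
    """Trade IDs whose originating workstation never saw a login by the booking account.

    Either the credential was used on a desk it was not logged in to, or the
    audit trail is incomplete; both deserve a look.
    """
    sessions = logins_by_account(auth_log)
    return [tid for tid, account, ws, _ in trade_log if ws not in sessions[account]]


def concurrent_workstations(trade_log, window=WINDOW):
    """(account, earlier trade, later trade) where one account booked trades from
    two different workstations within `window`, a classic shared-password indicator."""
    by_account = defaultdict(list)
    for tid, account, ws, ts in trade_log:
        by_account[account].append((parse(ts), ws, tid))
    flagged = []
    for account, events in by_account.items():
        events.sort()  # chronological order per account
        for (t_prev, ws_prev, tid_prev), (t_cur, ws_cur, tid_cur) in zip(events, events[1:]):
            if ws_prev != ws_cur and t_cur - t_prev <= window:
                flagged.append((account, tid_prev, tid_cur))
    return flagged


if __name__ == "__main__":
    print("trades with no matching login:", trades_without_login(TRADE_LOG, AUTH_LOG))
    print("one account on two desks:", concurrent_workstations(TRADE_LOG))
```

Neither check depends on password strength: both work off who was logged in where and which desk a trade came from, which is the kind of control the quoted analysts have in mind. A real deployment would read these records from the trading system and the directory or SIEM rather than from inline lists.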