Users giving away their credentials to others
Users losing their credentials
Users not protecting their credentials properly e.g. posting passwords on post-it stickers
Authentication delegation models in which the delegate assumes the user's original ID instead of using their own (e.g. as in Shibboleth see https://spaces.internet2.edu/display/ShibuPortal/Solution+Proposal)