@cybergibbons History would suggest they're wrong too. It's "more" secure to require a user to have lots of individual accounts and passwords for lots of things - compromise one the others are unaffected.
That didn't work in practice though, and we now have SSO cos otherwise "Password12"