Finally, it's important not to make security protocols for your development team or users too onerous, or people will neglect to follow them. It's true that the securest software is the application with no users, but that's not the goal here!
