Authentication Vulnerability

Authentication is generally regarded as the major weak link for any security scheme. A large part of the problem is that authentication considerations have to cover a wide range of devices, from smartphones to "things" from the Internet of Things. Given the highly varied device landscape, what are some of the most common vulnerabilities in authentication, and how would you mitigate them? For instance, how would you go about strengthening authentication for a sensor-based device that does not have much RAM or processing power?

Change management should ensure that any changes to an organization's infrastructure or processes are applied correctly and do not compromise security. Any addition to the network can introduce new vulnerabilities; the Bring Your Own Device trend is a good example. How would you go about building a secure change management culture, and what factors do you think support secure change management?