Thankfully this was during integration testing, and I was doing my best to break things.
We were developing a secure system for the MOD. The client machines we were working on were going to be running a locked down version of Windows NT with keyboard equipped with a magnetic card reader. To log in you had to insert the card and that supplied your username, effectively. You then entered your password and logged in. Any removal of the card had to lock the machine or abort the login process and leave the machine secure. That seemed to work fine.
Separately, we had additional software installed that, after login, but before showing the desktop, would show you information about your last login session - e.g. when/where. That seemed to work fine.
Unfortunately, whilst that dialog was being shown, it was impossible to lock the machine. Which meant that so long as you choose to remove the card before acknowledging the dialog, you'd end up logged in with no card inserted.
Loved showing that one to the guys who had lovingly crafted these separate systems.