No, using a stupid authentication/verification method with lots of false positives is always on whoever deploys it.

Imagine an apartment building with a flimsy front door lock that breaks all the time, and the landlord only telling you that that can't be helped because of all the burglars.