Simply stating Microsoft is not a good example for anything without further expanding on your point makes that a fairly poor argument.

Yes, Microsoft has its issues and there was some pretty big cyber-security related incident with them recently. Windows is also not the pinnacle of security. We all or most of them probably know this.

However, it's not very well-thought to bash Microsoft in entirety due to this. Microsoft Authenticator is pretty good. For example, to fight phishing, when logging into their services they display a number on the screen that you need to type into the authenticator. That is an awesome feature and makes logging in super secure from phishing standing point.

It's convenient you mention human error because that is literally the biggest cyber-security threat there is. That's what we need to be fighting when it comes to day-to-day tasks such as logging in to services. Other things are pretty irrelevant in the grand scheme of things for the average user.