Explain the concept of "separation of duties" in account management.

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

Explain the concept of "separation of duties" in account management.

Explanation:
Separation of duties is a control that splits critical tasks among multiple people so no single individual can perform all steps of a sensitive action. In account management, this means distributing responsibilities and privileges so different people handle different parts of a process, such as requesting access, approving that access, and provisioning or deprovisioning accounts. This creates checks and balances, making fraud or mistakes harder because the action requires independent review and authorization from others. It also improves accountability, since different roles are involved, and activities can be traced to the appropriate person or role.

The other options miss the point: having one administrator manage everything places too much power in one person and removes the necessary checks; rotating passwords or using a single authentication factor addresses authentication or credential management, not the need to divide responsibilities to prevent misuse of privileges.
