When you balance the cost of security and the value of the protected information, the combination of a user ID and a secret password is usually adequate. However, passwords give a false sense of security. The bad guys know this and attempt to crack passwords as a step toward breaking into computer systems.
One big problem with relying solely on passwords for security is that more than one person can know them. Sometimes, this is intentional; often, it’s not. The tough part is that there’s no way of knowing who, besides the password’s owner, knows a password.
Organizational or user vulnerabilities: This includes lack of password policies that are enforced within the organization and lack of security awareness on the part of users.
Technical vulnerabilities: This includes weak encryption methods and unsecure storage of passwords on computer systems.
Before computer networks and the Internet, the user’s physical environment was an additional layer of password security that actually worked pretty well. Now that most computers have network connectivity, that protection is gone.