Earlier this year, in January, Google and Adobe were hacked into by Chinese programmers. Information about their algorithms and intellectual property was stolen, as well as the names of Gmail account holders that the Chinese government viewed as dissidents. Later, at a security conference, the security firm HBGary was hacked, to their infinite embarrassment.
The first hack, on Google, was extremely sophisticated and came as a surprise to many of the people who learned of the attack. The second hack, on HBGary, used a combination of software vulnerabilities and social engineering to pull off the attack. In that case passwords were compromised because, at the corporate level, they did not follow common-sense guidelines about how to protect passwords.
The first attack was the 10% attack, meaning that even the most sophisticated firms (that is, 10% of all firms) can't withstand this kind of encroachment, notwithstanding their most sophisticated models of protection. The second attack was the 80-90% attack, meaning that anyone without proper common-sense guidelines would be vulnerable. Most business enterprises fall in the 80-90% range and are vulnerable, but if their security policies are followed they will be protected from everything except the most sophisticated hacks. Here are some strong password guidelines that everyone should follow.
See Also: Why You Need an Information Security Policy