http://www.reuters.com/article/2013/11/08/net-us-usa-security-snowden-idUSBRE9A703020131108
I think that the lesson we should draw from this is that no organization is capable of using password based security effectively. People like passwords because they are convenient, one of the reasons that they are convenient is that they can be shared.