Remember when the White House web site got hacked?
Passwords are just one basic level of security, adding geographic location information, cryptographic keys, challenge/request, etc add to the onion skin layers of security.
But if someone is determined they will find a way to get in, and more often than not it would be too easy. Sony provoked (challenged) NK hackers with the subject matter of their up coming release of some kiddie game on PS4 (I hope I got that right) which is offensive to some in NK. So it could easily be viewed as Sony shot their own foot off.
When I was managing about 700 web sites I was surprised to learn just how low the reality of hacking is. Sure we had one or two sites compromised over the years but they were because of stupid things like using credentials like "admin"/"password" - and the site had been like that for years before it finally got hacked and the customer came crying to us.
I also remember one of our competitors getting hacked, the hole had been there for years before it finally got exploited. It wasn't the hack that put that company out of business it was their loss of reputation. Good riddance for being so stupid.
The Sony hack on the other hand was sophisticated and not by "drive-by" opportunists.
I recall a long time ago in guvmint there was a project worker who used to loan out his secretary whenever some executive's secretary called in sick. He instructed his secretary to data mine the computer she was working on. So much for having the best security technology available.