"The primary advantage of password-only authentication is that it can be implemented entirely in software, thus avoiding the cost of special purpose authentication hardware. However, password systems have a number of disadvantages in practice which restrict their use to applications with minimal security requirements, or situations where password management can be strictly controlled. Password based authentication is most effective when combined with other authentication techniques."
"A number of factors affect the security of a system which relies on passwords for authentication. These factors include the composition, length, lifetime, source, ownership, distribution, storage, entry, transmission, and authentication period of the passwords."