Jaikumar Vijayan’s Computerworld story today on the Utah Department of Health security breach, which exposed approximately 280,000 Social Security numbers, highlights a point we’ve written about many times in the past: weak, easy-to-guess passwords are perhaps the biggest threat to IT security. According to Vijayan: “… the hackers -- believed to be from Eastern Europe -- exploited a configuration error at the authentication layer of the server hosting the compromised data, according to Utah IT officials. Many security analysts see that formal explanation as a somewhat euphemistic admission that the breached server was using a default administrative password or an easily guessable one, thereby allowing the attackers to bypass the perimeter-, network- and application-level security controls built to protect the agency's systems. While such mistakes are easy to avoid, they're surprisingly common despite years of warnings about the dangers of using passwords that hackers can easily guess.”