A reported decade-long intrusion shows why controlling authentication can matter more than breaking into a single machine.
