Information Security as a Speed Contest

The only impenetrable security is that which, at a minimum, prevents any use whatsoever. Systems that allow any access are susceptible to at least one form of intrusion: falsified access credentials.

The purpose of information security is to slow down a break-in or the use of stolen information to the point where the perpetrator can be captured in the act. In the case of falsified access credentials, security systems keep the perpetrator from generating fake access credentials as fast as would be possible if the security were not present.

Thus, hackers attempt to find any faster way to generate falsified credentials. Even if their method is just a tiny bit faster, exploiting this speed difference versus the assumed speed to compromise credentials can buy the savvy hacker time to get away with their crime.

Information Technology security professionals must remain aware of the time necessary to break security, especially when a new form of instant access is discovered (0-day exploits, for example). Instant access means that a hack attempt would most likely go entirely unnoticed until at least some time after the important data, etc. was stolen, and depending on the intrusion method, the most severe exploit-based intrusions may be entirely undetectable.
