Lagos, Nigeria

9 Ways Your Account Can Be Compromised, Even with a Super-strong Password – Ask Leo!

There’s more to security than 2cbMM8DS7Dwg3FWMVuSv.

Strong passwords are important, but they don’t protect you from everything. I’ll look at other ways your account can be compromised.

The Best of Ask Leo!

I sometimes play a game online to pass the time. It’s a simulation type of game but I like it. One day I logged into my account and realized that someone had changed the password and taken all my stuff. How is it possible that they’ve hacked my account? My password has plenty of characters, is almost impossible to guess because it sounds like random gibberish to everyone except myself, and there are plenty of numbers and secret characters in it. Is it true that they used a hacking device or program of some sort to hack my account?

I can’t say what happened in your case, specifically.

Let’s assume you’ve got a great password — something like “2cbMM8DS7Dwg3FWMVuSv”. It’s not going to be guessed, and no current computer is going to get to it in the next century by trying all possible combinations.

I can still think of a number of ways your account could have been compromised.

You have a keylogger

Keyloggers, short for keystroke loggers, are malicious programs transmitted and installed as viruses or spyware.

Once infected, a keylogger could record every keystroke you press, and send it off to some central “hacker headquarters” where results are analyzed and account login IDs and passwords are extracted.

“Keystroke logger” is a misnomer these days. Anything you do can be recorded, including mouse clicks, screenshots, and even network traffic, rendering most of the ways to supposedly bypass keystroke loggers completely ineffectual.

You logged in on a public computer

Not only can public computers be completely infested with malware, including keyloggers, but they can also have hardware logging devices installed. Even if you scanned for it, you’d never tell from the software installed that keystrokes and other activity are being captured by a device attached to or inside of the computer itself.

You’ve been phished

This happens a lot, particularly in online games.

You receive a message, supposedly from the game administrator, that you need to visit a website to gain access to some in-game bonus or validate your account, or risk being banned. When you go to the site, you must log in and … you just gave your login information to a hacker.

Phishing is, of course, not limited to these in-game messages — they can be just about anything to get you to divulge your username and password. Most common phishing attempts happen via email.

You have poor security questions/answers

They’re less common now, but security questions are still sometimes used to validate that you are who you say you are when you click the “I forgot my password” link.

If those security questions are simple things like your birthplace or favorite color, someone who knows you or has read your profile on social media may be able to answer them. If they can, it means they can gain access to your account and set a new password.

You logged in over an open WiFi connection

This could be at some public location offering open Wi-Fi, or even your own home, if you haven’t enabled WPA encryption on your wireless access point.

When this happens, anyone within range (meaning perhaps within a few hundred feet) could “listen in” to your network conversation and see your login ID and password as they passed by from your computer to the gaming or other server.

Fortunately, this is becoming less common as most sites move to https, but you do still need to take care.

You walked away while logged in

If you leave your computer unattended and logged in, someone might be able to walk up and change your password. Or your security questions. Or the email address associated with the account. Any or all of those might allow them to later use the “I forgot my password” function and “recover” access to your account.

You left your computer accessible

There’s no substitute for physical security if someone can just walk up to your computer. Even if you’re not actively playing the game or using the service, or you think you’ve logged out, someone could still start searching for things that might help them. If your game allows you to remember login IDs or passwords, those are probably accessible somewhere, and anyone with physical access to your machine could conceivably find them.

You told a friend

I’ve learned this happens more often than we think.

Sometimes the easiest way to share something is just to let your friend (or spouse, or child, or parent, or …) log in as you — so you give them the password. Later, when they’re angry or hurt or no longer your friend, they are still able to log in and change your password, thereby locking you out.

Someone watched you log in

“Shoulder surfing”, as it’s known, is as simple as it sounds: letting someone watch you type in your password could be enough for them to memorize the keys you type. It’s not necessarily easy, but depending on how you type and how well that person watches and remembers, it’s possible to get a password — even a complex one.

It’s great that you have a strong password. That already puts you ahead of the majority of computer users, sad to say. But it’s not something that protects you from all threats. Be aware of the scenarios I’ve listed, and take appropriate steps to minimize the risks.

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay — and yes, that means you can get this report completely free if you so choose. Get your copy now!

This post was written by Leo Notenboom and was first posted to

Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.

Tags: ,

%d bloggers like this: