9 Ways to Steal Your Password. The Case for Two Step Verification.

Having a password is important, but stealing passwords has gotten so easy that a password is no longer enough by itself. In addition to the secret password stored in your head, many companies now confirm that you possess some tangible thing, a phone for example, before you can log in. That way if someone learns your password, they can’t use it without also physically taking your phone from you. A win for you.

For perspective, 80% of the security breaches in a set of 621 companies in 2012 used a stolen password. That’s 44 million accounts that could have been protected if they had just turned on two step verification. Don’t be the next victim.

Why are passwords so easy to steal? Secrets are hard to keep! It only takes one mistake before the cat’s out of the bag, and the cat may escape, so to speak, without you knowing it. Here are some of the ways hackers will try to steal your password. The adversary could:

  • Watch you type it in through a telescope, or look over your shoulder.

  • Listen to you type it in through a webcam.

  • Watch you send it unprotected if you ever use a website without HTTPS, as mentioned previously.

  • Trick you, and 80,000 other people a day, into typing your password into a fake website that looks legitimate.

  • Make a cool app for you to download with a very nice box to type your password into.

  • Email you a link to a website that installs a password-stealing virus that’s gotten over 3.6 million installs as of 2009.

  • Hack into another website you use (including Adobe.com, Yahoo.com, and LinkedIn.com) and steal your password. You don’t use the same password on multiple sites, do you? Check if your account has been leaked already.

  • Reset your password by Googling the answers to your easy-to-guess password reset questions.

  • Reset your password by calling the very helpful folks at customer service.

I could go on, but I hope that this short list is enough to motivate you to take a moment now and turn on two factor authentication so you don’t become the next victim.


What about all those sites that don’t care enough to set up two step verification? Use a password manager to create a separate, complex password for each site.

Happy Passwords!