Helping people with computers... one answer at a time.
Strong passwords are important, but they don't protect you from everything. I'll look at other ways that your account can be compromised.
I sometimes play a game online to pass the time. It's a simulation type of game but I like it. One day I logged into my account and realized that someone had changed the password and taken all my stuff. How is it possible that they've hacked my account? My password has plenty of characters, is almost impossible to guess because it sounds like random gibberish to everyone else except myself, and there are plenty of numbers and secret characters in it. Is it true that they used a hacking device or program of some sort to hack my account?
I can't say what could have happened in your case, specifically.
I can think of a number of ways your account could have been compromised.
OK, you've got a great password - something like 0jrkdiGv5Q@n - something that is not going to be guessed, and certainly no current computer is going to get to in the next century by trying all possible combinations.
What else could go wrong?
You have a key-logger. Key loggers, short for keystroke loggers, are malicious programs that are installed and transmitted as viruses or spyware. Once your computer is infected with a key logger it could be recording every keystroke you press, and then sending that off to some central "hacker headquarters" where the results are analyzed and account login IDs and passwords are extracted. By the way, "keystroke logger" is a misnomer these days. Just about anything you do can be recorded, including mouse clicks, screen shots, and even network traffic, rendering most of the ways to supposedly "bypass" keystroke loggers completely ineffectual.
You logged in on a public computer. Not only can public computers be completely infested with malware including the aforementioned keyloggers, but they can also have hardware logging devices installed. Even if you scanned, you'd never tell from the software installed that your keystrokes and all that other activity might be captured by a device attached to or inside the computer itself.
You've been phished. This is happening a lot, particularly in online games. You receive a message supposedly from the game administrator that you need to visit a web site to gain access to some in-game bonus, or validate your account or risk being banned. When you go to that site you have to login and ... you just gave your login information to a hacker. Phishing is, of course, not limited to these in-game messages - they can be just about anything to get you to divulge your username and password.
Your password is great, but your security questions? Not so much. Security questions are often used to validate that you are who you say you are when you click the "I forgot my password" link when attempting to access your account. If those security questions are the all too typical simple kind like your birthplace or favorite color, my guess is that someone who either knows you or has read your profiles on social media sites can probably answer them. If they can answer them many times that means that they can gain access to your account. This varies depending on exactly how the security questions are used, but it's very common.
You logged in over an open WiFi connection. This could be while at Starbucks or some public location that has open WiFi. It could even be your own home if you've not enabled WPA encryption on your wireless access point. I'd be shocked if the game you're playing encrypted its login transactions, or for that matter any part of the game experience. That means that anyone within range (meaning perhaps within a few hundred feet) could "listen in" to your network conversation and see your login ID and password as they passed by from your computer to the gaming or other server.
You walked away while logged in and someone walked up to your computer and changed your password. Or changed your security questions. Or changed your email address associated with the account so that they could later say "I forgot my password" and "recover" access to your account.
You left your computer accessible. There's no substitute for physical security if someone can just walk up to your computer and start searching for things that might help them. If your game allows you to remember login IDs or passwords, those are probably accessible somewhere and anyone with physical access to your machine could conceivably find them. Even a Windows password is not enough, since those are easily bypassed or reset by someone with the proper knowledge and tools.
You told a friend. Sadly this happens more often than we think. Sometimes the easiest way to share something is to just let your friend (or spouse, or child, or parent, or ...) login "as" you - so you give them the password. Later when they're angry or hurt or no longer your friend they can login and change your password thereby locking you out.
Someone watched you login. "Shoulder Surfing", as it's known, is as simple as it sounds - letting someone watch you type in your password could be enough for them to memorize the keys you typed. It's not necessarily easy, but depending on how you type and how well that person watches and remembers, it's not an uncommon way to get a password - even a complex one.
It's great that you have a strong password - that already puts you ahead of the majority of computer users, sad to say. But it's not something that protects you from all threats. Be aware of the scenarios I've listed, and for those that you think might apply take appropriate steps to minimize the risk.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.