Summary: It's easy to think that as long as you keep your computer out of other people's hands you're safe. It's nowhere near that simple.
Is it possible for a hacker to get my Hotmail password without access to my computer?
•
Yes.
There are several ways a hacker can get your password. The good news is that there is something you can do to prevent that from happening.
The bad news is that most people don't.
•
The hacker could guess it.
I'd venture a guess that the most common form of account theft and password hacking is simply being able to guess your password. I'd go even further to say that this is perhaps the most common among children.
Yes, having a password that's easy to guess is at odds with being able to remember it yourself. To put it bluntly: too bad. You need to come up with an approach that you can remember and that no one would ever be able to guess.
What's a good password? discusses this in some more detail.
The hacker could have found your notepad.
Do you write your password down on paper somewhere?
Don't.
It's just another way that someone could stumble upon it and then use it to access your account.
In particular, keeping it written down anywhere in, on or around your desk, workstation or computer is just asking for trouble. Use a password method that you can remember, something that you don't have to write down.
You could have told the hacker.
You may think I'm joking, but I'm not.
Have you ever shared your password with anyone?
ANYONE?
I honestly don't care if that other person is someone you really, really trust. Boyfriend, girlfriend, trusted colleague, "BFF" ... it doesn't matter. You've just given your password to someone else.
Yes, they could be the hacker, I suppose, and that does happen - often. But even more frequent is that they inadvertently share your password with someone else. Someone else that you don't trust, and that someone else becomes your hacker.
I'd also guess that this is also one of the more common reasons for account theft and hacking among children.
You could have told the hacker, again.
There are many ways that hackers try to get your password. The one we're most familiar with is the phishing scam. Email that looks like it's real, email that asks you to go somewhere that also looks like it's real, where you're instructed to enter your account ID and password.
The only problem is that it wasn't real. It was a hacker attempting to collect your account information.
Similarly, there are services out there that add functionality to Hotmail - perhaps a POP3 connector, or a social media site wanting to import your contacts. But to do so they need your account ID and password. By giving them that information you're assuming that they are trustworthy. Many are. Many are not.
You could have told the world!
Ever use an open WiFi hotspot?
This is less likely, since Hotmail's default login is, in fact, secure, and your password should not be visible to WiFi sniffers nearby.
On the other hand, if you use one of the POP3/SMTP connectors for Hotmail, it's unclear whether your password is transmitted in the clear. If it is, it's there for anyone nearby to see.
It might not have been Hotmail
Recall that most people use their Hotmail ID for Windows Live Messenger, and a number of Windows Live and MSN services. For example you might have given someone your MSN Messenger password, not realizing that's exactly the same as giving them your Hotmail password, because it's the same account.
The hacker might have access to your computer.
I know you excluded this in your question, but I have to include it. The hack could get your password via spyware installed on your machine. That spyware could be recording everything you do, just account ID's and passwords, or anything in between. That collected data is then sent off to the hacker.
It's one of the biggest reasons I so strongly recommend taking all the steps necessary to keep your computer safe.
The bottom line is that it is all in your control.
Related:
-
Ask Leo! - What's a good password?
-
Ask Leo! - Phishing? What's Phishing?
-
Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?
Article C3423 - June 22, 2008
Someone demonstrated recently that in fact if you save your password in Windows Live Messenger (certainly on Windows XP, not sure about Vista) the password can be easily found by simple software that reveals the contents of the Windows Password Stores. Same is true for browsers: Internet Explorer, Firefox and Opera. I know Firefox can be protected by a master password but by default it's not so anyone who can access your browsers' profile location has access to all password's you've saved in it as well.
Posted by: Eli Coten at June 24, 2008 9:56 AMHow safe is Roboforms?
Posted by: Leo Mayer at June 24, 2008 10:36 AMPaswords, Passwords, I'm swmming in passwards. I'm at that age (Senior) that can't remember all the passwords so I Have to Write Them Down. Just about every web sight I want to use, I have to figure out a password. I counted them and have 15 different passwords! Is there a simpler way? Thanks, Doug!
Posted by: Doug Shilson at June 25, 2008 8:55 AM-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eli: you're absolutely right. In fact, I've got an article
on the topic:
http://ask-leo.com/i_forgot_my_password_can_i_somehow_get_my_autologin_remembered_password.html
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIYnGlCMEe9B/8oqERAhBeAJ42RyAQSND9q9B50KsxJ5+SoqvePACfbwMY
Posted by: Leo at June 25, 2008 9:26 AM/lvKbTIc9i7dEm48ocr0jmU=
=jGRu
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Leo Mayer: re RoboForm
Very. I recommend it:
http://ask-leo.com/recommendation_roboform_password_manager_and_more.html
Just be sure that you pick a safe master password.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIYnLiCMEe9B/8oqERAohZAJ9BDazlSy7iCjUqzZyLQ8EC9sjSSACfZWRC
Posted by: Leo at June 25, 2008 9:31 AMZplfy9qCs/jb92MPG7GtqQ8=
=GeRG
-----END PGP SIGNATURE-----
I, too, use Roboform and save the passwords only to a secure jump drive. When I am not at the PC, nether are the PWs. Does using Window Washer after each session on the PC help to keep the PW's safe, too?
Posted by: sue james at June 26, 2008 11:26 PMExcellent password advice. Particularly liked your password examples. What is your opinion of the Kaspersky security software? Thank you.
Posted by: Betsye at June 27, 2008 8:53 AMBetsye
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't have any direct experience with Kaspersky, but have
heard only good things.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIZmvKCMEe9B/8oqERAjxQAKCO0mM4u9cfFKt1wuW73TNLUJjLwwCfY9FV
Posted by: Leo at June 28, 2008 9:50 AMeJ7u+0gwwlXFH3noT7dYfYs=
=aIoz
-----END PGP SIGNATURE-----
Well leo, i have recently faced it two times that some one hacked Yahoo or MSN ID. I have given the detail in my blog http://wisdomtalks.com/hacking-yahoo-or-hotmail-is-it-possible/
I would not have believe it, if i donot face it myself.
I am using strong Password as well all other measures being suggested by MSN. And i really donot understand how this guy is hacking.
02-Jan-2009
Actually LEO Hotmail is the most unsecure program on the net. Because of the fact hotmail now has this credential recovery program anyone can access your account. You go the the revert link and all you need to get correct is their birthdate and their ip and that's it. You now have ownership of their e-mail. And they can get your ip using a tool called IP Get. All you have to do is change your display picture and the hacker has your ip.
Posted by: Jimmy at February 8, 2009 6:00 PM