Helping people with computers... one answer at a time.

It's easy to think that as long as you keep your computer out of other people's hands you're safe. It's nowhere near that simple.

Is it possible for a hacker to get my Hotmail password without access to my computer?

Yes.

There are several ways a hacker can get your password. The good news is that there is something you can do to prevent that from happening.

The bad news is that most people don't.

The hacker could guess it.

I'd venture a guess that the most common form of account theft and password hacking is simply being able to guess your password. I'd go even further to say that this is perhaps the most common among children.

Yes, having a password that's easy to guess is at odds with being able to remember it yourself. To put it bluntly: too bad. You need to come up with an approach that you can remember and that no one would ever be able to guess.

What's a good password? discusses this in some more detail.

The hacker could have found your notepad.

"... keeping it written down anywhere in, on or around your desk, workstation or computer is just asking for trouble."

Do you write your password down on paper somewhere?

Don't.

It's just another way that someone could stumble upon it and then use it to access your account.

In particular, keeping it written down anywhere in, on or around your desk, workstation or computer is just asking for trouble. Use a password method that you can remember, something that you don't have to write down.

You could have told the hacker.

You may think I'm joking, but I'm not.

Have you ever shared your password with anyone?

ANYONE?

I honestly don't care if that other person is someone you really, really trust. Boyfriend, girlfriend, trusted colleague, "BFF" ... it doesn't matter. You've just given your password to someone else.

Yes, they could be the hacker, I suppose, and that does happen - often. But even more frequent is that they inadvertently share your password with someone else. Someone else that you don't trust, and that someone else becomes your hacker.

I'd also guess that this is also one of the more common reasons for account theft and hacking among children.

You could have told the hacker, again.

There are many ways that hackers try to get your password. The one we're most familiar with is the phishing scam. Email that looks like it's real, email that asks you to go somewhere that also looks like it's real, where you're instructed to enter your account ID and password.

The only problem is that it wasn't real. It was a hacker attempting to collect your account information.

Similarly, there are services out there that add functionality to Hotmail - perhaps a POP3 connector, or a social media site wanting to import your contacts. But to do so they need your account ID and password. By giving them that information you're assuming that they are trustworthy. Many are. Many are not.

You could have told the world!

Ever use an open WiFi hotspot?

This is less likely, since Hotmail's default login is, in fact, secure, and your password should not be visible to WiFi sniffers nearby.

On the other hand, if you use one of the POP3/SMTP connectors for Hotmail, it's unclear whether your password is transmitted in the clear. If it is, it's there for anyone nearby to see.

It might not have been Hotmail

Recall that most people use their Hotmail ID for Windows Live Messenger, and a number of Windows Live and MSN services. For example you might have given someone your MSN Messenger password, not realizing that's exactly the same as giving them your Hotmail password, because it's the same account.

The hacker might have access to your computer.

I know you excluded this in your question, but I have to include it. The hack could get your password via spyware installed on your machine. That spyware could be recording everything you do, just account ID's and passwords, or anything in between. That collected data is then sent off to the hacker.

It's one of the biggest reasons I so strongly recommend taking all the steps necessary to keep your computer safe.

The bottom line is that it is all in your control.

Article C3423 - June 22, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

15 Comments
peter
June 22, 2008 8:58 PM

good article leo , i want to add that some users didn't care about their antivirus or internet security software and others uses any security software without care about it's effectiveness and this is the calamity , hackers is not a god but they are intelligent programmers which analyze systems to reach the weakest point and try to enter from this point , so if you close these point carefully , you hadn't to afraid about hackers any more.

thanks leo
http://www.seo123.ws

Lagato
June 24, 2008 9:15 AM

another possibility could be that the hacker used brute force, meaning trying to log in with all characters

Barry
June 24, 2008 9:22 AM

I have AOL and whenever I make new snames, some guy in the room seems to know who is behind those snames. I have no idea how he does it, I have never shared my account with any1.
I think he sniffs out my IP address and then back track to see where I am logged on from.

Eli Coten
June 24, 2008 9:56 AM

Someone demonstrated recently that in fact if you save your password in Windows Live Messenger (certainly on Windows XP, not sure about Vista) the password can be easily found by simple software that reveals the contents of the Windows Password Stores. Same is true for browsers: Internet Explorer, Firefox and Opera. I know Firefox can be protected by a master password but by default it's not so anyone who can access your browsers' profile location has access to all password's you've saved in it as well.

Leo Mayer
June 24, 2008 10:36 AM

How safe is Roboforms?

Doug Shilson
June 25, 2008 8:55 AM

Paswords, Passwords, I'm swmming in passwards. I'm at that age (Senior) that can't remember all the passwords so I Have to Write Them Down. Just about every web sight I want to use, I have to figure out a password. I counted them and have 15 different passwords! Is there a simpler way? Thanks, Doug!

Leo
June 25, 2008 9:26 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eli: you're absolutely right. In fact, I've got an article
on the topic:
http://ask-leo.com/i_forgot_my_password_can_i_somehow_get_my_autologin_remembered_password.html

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIYnGlCMEe9B/8oqERAhBeAJ42RyAQSND9q9B50KsxJ5+SoqvePACfbwMY
/lvKbTIc9i7dEm48ocr0jmU=
=jGRu
-----END PGP SIGNATURE-----

Leo
June 25, 2008 9:31 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Leo Mayer: re RoboForm

Very. I recommend it:
http://ask-leo.com/recommendation_roboform_password_manager_and_more.html
Just be sure that you pick a safe master password.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIYnLiCMEe9B/8oqERAohZAJ9BDazlSy7iCjUqzZyLQ8EC9sjSSACfZWRC
Zplfy9qCs/jb92MPG7GtqQ8=
=GeRG
-----END PGP SIGNATURE-----

sue james
June 26, 2008 11:26 PM

I, too, use Roboform and save the passwords only to a secure jump drive. When I am not at the PC, nether are the PWs. Does using Window Washer after each session on the PC help to keep the PW's safe, too?

Betsye
June 27, 2008 8:53 AM

Excellent password advice. Particularly liked your password examples. What is your opinion of the Kaspersky security software? Thank you.
Betsye

Leo
June 28, 2008 9:50 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't have any direct experience with Kaspersky, but have
heard only good things.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIZmvKCMEe9B/8oqERAjxQAKCO0mM4u9cfFKt1wuW73TNLUJjLwwCfY9FV
eJ7u+0gwwlXFH3noT7dYfYs=
=aIoz
-----END PGP SIGNATURE-----

Khuram
January 1, 2009 8:16 AM

Well leo, i have recently faced it two times that some one hacked Yahoo or MSN ID. I have given the detail in my blog http://wisdomtalks.com/hacking-yahoo-or-hotmail-is-it-possible/
I would not have believe it, if i donot face it myself.
I am using strong Password as well all other measures being suggested by MSN. And i really donot understand how this guy is hacking.

Of course hacking is possible. There are many ways - everything from keyloggers to spyware, to password guessing, WiFi sniffing, to trusting an internet connection such as an open WiFi or hotel connection that you shouldn't. If you're getting hacked repeatedly, then there's some aspect of basic internet security that you're missing.
- Leo
02-Jan-2009

Jimmy
February 8, 2009 6:00 PM

Actually LEO Hotmail is the most unsecure program on the net. Because of the fact hotmail now has this credential recovery program anyone can access your account. You go the the revert link and all you need to get correct is their birthdate and their ip and that's it. You now have ownership of their e-mail. And they can get your ip using a tool called IP Get. All you have to do is change your display picture and the hacker has your ip.

steven
June 14, 2011 11:49 AM

I was wondering what percentage of Questions you get are on Hotmail(I no longer have Hotmail for years).

I don't have a percentage, but I can tell you that it's very high compared to other mail services, and high overall.
Leo
17-Jun-2011

steven
June 14, 2011 11:59 AM

I do not have roboform, but just Googled it. Imagine the horror of a hacker getting your master password. He would not only have access to one of your accounts, but ALL of them.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.