There’s more to security than 2cbMM8DS7Dwg3FWMVuSv.
I can’t say what happened in your case, specifically.
Let’s assume you’ve got a great password — something like “2cbMM8DS7Dwg3FWMVuSv”. It’s not going to be guessed, and no current computer is going to get to it in the next century by trying all possible combinations.
I can still think of a number of ways your account could have been compromised.
You have a keylogger
Keyloggers, short for keystroke loggers, are malicious programs transmitted and installed as viruses or spyware.
Once your computer is infected, a keylogger could record every key you press and send it off to some central “hacker headquarters” where the results are analyzed and account login IDs and passwords are extracted.
“Keystroke logger” is a misnomer these days. Anything you do can be recorded, including mouse clicks, screenshots, and even network traffic, rendering most of the ways to supposedly bypass keystroke loggers completely ineffectual.
You logged in on a public computer
Not only can public computers be completely infested with malware, including keyloggers, but they can also have hardware logging devices installed. Even if you scanned for it, you’d never tell from the software installed that keystrokes and other activity are being captured by a device attached to or inside of the computer itself.
You’ve been phished
This happens a lot, particularly in online games.
You receive a message, supposedly from the game administrator, that you need to visit a website to gain access to some in-game bonus or validate your account, or risk being banned. When you go to the site, you must log in and … you just gave your login information to a hacker.
Phishing is, of course, not limited to these in-game messages. A phishing message can be just about anything that gets you to divulge your username and password. Most common phishing attempts happen via email.
You have poor security questions/answers
They’re less common now, but security questions are still sometimes used to validate that you are who you say you are when you click the “I forgot my password” link.
If those security questions are simple things like your birthplace or favorite color, someone who knows you or has read your profile on social media may be able to answer them. If they can, it means they can gain access to your account and set a new password.
You logged in over an open Wi-Fi connection
This could be at some public location offering open Wi-Fi, or even your own home, if you haven’t enabled WPA encryption on your wireless access point.
When this happens, anyone within range (meaning perhaps within a few hundred feet) could “listen in” to your network conversation and see your login ID and password as they pass from your computer to the gaming or other server.
Fortunately, this is becoming less common as most sites move to HTTPS, but you do still need to take care.
You walked away while logged in
If you leave your computer unattended and logged in, someone might be able to walk up and change your password. Or your security questions. Or the email address associated with the account. Any or all of those might allow them to later use the “I forgot my password” function and “recover” access to your account.
You left your computer accessible
There’s no substitute for physical security if someone can just walk up to your computer. Even if you’re not actively playing the game or using the service, or you think you’ve logged out, someone could still start searching for things that might help them. If your game offers to remember login IDs or passwords, those are probably accessible somewhere, and anyone with physical access to your machine could conceivably find them.
You told a friend
I’ve learned this happens more often than we think.
Sometimes the easiest way to share something is just to let your friend (or spouse, or child, or parent, or …) log in as you — so you give them the password. Later, when they’re angry or hurt or no longer your friend, they are still able to log in and change your password, thereby locking you out.
Someone watched you log in
“Shoulder surfing”, as it’s known, is as simple as it sounds: letting someone watch you type in your password could be enough for them to memorize the keys you type. It’s not necessarily easy, but depending on how you type and how well that person watches and remembers, it’s possible to get a password — even a complex one.
It’s great that you have a strong password. That already puts you ahead of the majority of computer users, sad to say. But it’s not something that protects you from all threats. Be aware of the scenarios I’ve listed, and take appropriate steps to minimize the risks.
For related links, videos, and comments visit 9 Ways Your Account Can Be Compromised, Even with a Super-strong Password on Ask Leo!
Leo Notenboom has been programming computers since 1976, and answering questions about them online since 2003. For more, see askleo.com.