How you lose and/or expose your password

A couple of weeks ago, I received a spam email that gave me some chills. I hardly ever check my spam emails, but for some reason I decided to do so on that day. The email was pretty straightforward, titled “I know your password ‘xxxxxxxx’”. True to his/her statement, that was indeed my password (‘xxxxxxxx’ is just a placeholder for my password). The body of the email was the normal extortion and threats. By the way, my password is not easy to guess. I am the kind of person who goes all out psychotic with alphanumeric and special characters when coming up with a password. On this day, however, this person had managed to gain access to my password. How? I asked myself. Apparently, having a strong password alone is not enough. I remembered this incident today and thus decided to share with you ways in which you may lose or expose your password.

How you lose or expose your password

I will cover the five most common ways you may lose or expose your passwords. I will start with how I exposed mine:


Using the same password across different accounts

Prior to that day, I would use one password for several accounts. For instance, I would use the same password for my Twitter, Facebook and LinkedIn. The problem with this is that when Facebook, for instance, is breached and its password database leaks, the attacker can log into your Twitter and LinkedIn accounts with that same password. Attackers routinely replay leaked email-and-password pairs against other popular sites (credential stuffing), so a single breach can open every account that shares the password. My supposed “attacker” had gained access to one of my many online accounts and retrieved the password. Luckily, they did not know what other accounts of mine used the same password. I wasn’t taking that chance anyway.

Phishing

Phishing is one of the most common ways an attacker gets hold of your password. They send you a link (usually by email or by direct message on social media) to a page that asks you to log in to the account they are targeting. For example, if they want your Twitter credentials, they build a page that looks exactly like Twitter’s sign-in page and host it on a domain they control. Often the message claims that your account has been compromised and that you must change your password immediately. It sounds like an emergency, so without a second thought you click the link, see the cloned Twitter sign-in page, enter your details and, voilà, they have your login information. The giveaway is the address bar: the cloned page lives on a domain that is not twitter.com, however closely its name resembles it.
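The first thing to check before entering credentials is where a link really leads. The following Python snippet is an added example (not code from the original post); the function names and the sample links are constructed for illustration and use `twitter.com` as the expected domain because that is the example used above. It extracts the host the browser would actually connect to and accepts only that domain or its subdomains, which catches the usual tricks: a brand name used as a subdomain of the attacker's domain, a `twitter.com@` user-info prefix, a look-alike spelling, and a bare IP address with the brand name in the path.

```python
from urllib.parse import urlsplit


def connecting_host(url: str):
    """Return the lower-cased host the browser would really connect to,
    or None if the link is not a web URL at all."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    # .hostname drops the port, IPv6 brackets and any "user@" prefix, so
    # "https://twitter.com@evil.example" correctly yields "evil.example".
    return parts.hostname


def is_link_to(url: str, expected_domain: str = "twitter.com") -> bool:
    """True only if the link lands on expected_domain or one of its subdomains."""
    host = connecting_host(url)
    if not host:
        return False
    return host == expected_domain or host.endswith("." + expected_domain)


def suspicious_links(links, expected_domain: str = "twitter.com"):
    """Return the links that do NOT lead to the expected domain."""
    return [url for url in links if not is_link_to(url, expected_domain)]


# Constructed sample links of the kind found in "your account has been
# compromised, reset your password now" messages.
SAMPLE_LINKS = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/login",
    "https://TWITTER.com/settings/password",
    "https://twitter.com.account-verify.example/login",  # real host: account-verify.example
    "https://twitter.com@account-verify.example/login",  # "user@" trick
    "https://tvvitter.com/login",                        # look-alike spelling
    "http://192.0.2.10/twitter/login",                   # bare IP, brand only in the path
    "javascript:alert(1)",                               # not a web URL
]

if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        verdict = "ok        " if is_link_to(url) else "SUSPICIOUS"
        print(f"{verdict}  host={connecting_host(url)!r}  {url}")
```

This only checks the host name; it will not catch a homograph (internationalised) domain that renders like the real one, nor a genuine site that has itself been compromised, so the advice to type the address yourself rather than follow the link still stands.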

Weak Passwords

Many of us use our dates of birth, surnames, nicknames and other easily guessable information as our password. Some still use “password” as their password. Other common passwords are “123456”, “admin”, “princess”, “111111”, “00000”, “welcome”, “football” and so on. Such passwords sit at the top of every cracking wordlist, and the tools that use those lists also try the obvious variations (a capital letter, a trailing digit or year, “@” in place of “a”), so they fall in seconds.

Saving Passwords on a Public Computer

I covered this in my previous post “Ignorance Has No Place in Your Cyber Space”. When you are on a public computer, never save your password when the browser offers to remember it. Logging out of the website does not remove the saved password from the browser’s password store: the next person to use that computer can reveal it from the browser settings, or simply let the browser fill it in and sign in as you.

Key loggers

Some malware installs key logging software on your computer. A key logger records every key you press. If an attacker is after your Facebook password, the key logger can be set to start recording when your browser opens Facebook (many key loggers capture the active window title or URL alongside the keystrokes, so the attacker can tell which site each password belongs to). The moment you start typing, the keys pressed are captured and sent to your attacker. Because the capture happens on your own machine, neither a strong password nor a genuine, correctly spelled site address protects you here.

In my next article, I will guide you on how to come up with stronger passwords and how you can prevent them from being exposed or easily cracked.

Find out whether your password has been exposed

Meanwhile, there is an interesting tool that can tell you whether your password has appeared in a known data breach. Type your password into the field provided and click “pwned”. The tool will tell you whether the password has been seen, and if so, how many times. Be careful, though: typing a live password into any website is exactly the habit the phishing section above warns against. A well-designed checker, such as the Pwned Passwords service, never receives the password itself; it is sent only the first five characters of the password’s SHA-1 hash, gets back every leaked hash that starts with those characters, and the final comparison happens on your side. If you cannot confirm that a checker works this way, test it with a password you no longer use. Here is the tool.
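The following Python code is an added example (not code from the original post or from the tool it links to) of how such a check can be done without ever sending the password anywhere. It assumes the checker implements the k-anonymity “range” protocol used by the Pwned Passwords service: the client sends the first five hex characters of the SHA-1 hash, the service returns every known suffix with that prefix and its breach count, and the client looks for its own suffix locally. The sample response is constructed so the example runs offline (the counts in it are invented); `fetch_range` is the live version, included for reference but not called by default.

```python
import hashlib
import urllib.request

# Assumption for this example: the range endpoint of the Pwned Passwords service.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def hash_prefix_and_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-character prefix
    that is sent to the service and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (one per leaked hash sharing the prefix)
    into a suffix -> count mapping, ignoring blank or malformed lines."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """How many times the password appears in the breach corpus, decided
    locally from the range response (0 means not found in that range)."""
    _, suffix = hash_prefix_and_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup: only the 5-character hash prefix ever leaves the machine."""
    req = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "password-exposure-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response so the example runs offline: the real suffix
# for "password" plus two made-up neighbours. All three counts are invented.
SAMPLE_RANGE_BODY = "\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    hash_prefix_and_suffix("password")[1] + ":3861493",
    "1E2AAA439972480CEC7F16C795BBB429372:1",
])

if __name__ == "__main__":
    prefix, _ = hash_prefix_and_suffix("password")
    print(f"prefix sent to the service: {prefix}")
    print("seen", breach_count("password", SAMPLE_RANGE_BODY), "times (sample data)")
    # For a live check replace SAMPLE_RANGE_BODY with fetch_range(prefix).
```

Note what the service learns: one five-character prefix, shared by hundreds of unrelated hashes, and nothing about which of them you were interested in.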

Jones Baraza is the founder of Swift Intellect, a software and cyber security firm based in Nairobi, Kenya. He is also the founder and project manager of IsVipi OSSN, an open source social networking software with over 1 million downloads. He is passionate about tech and security. You can follow him on Twitter @JonesBaraza.