How to Protect Your Password From Getting Stolen

Did someone get your password? Here's how to prevent it from happening again

Unfortunately, hacking into someone's web-based email account may be easier than you think; in fact, it can be frighteningly simple.

They might use a well-known hacking technique called phishing, guess your password outright, or even use a password reset tool to create a new password against your will.

Learning how to protect your password from thieves first requires understanding how to steal a password.

How to Steal a Password

Passwords are usually stolen during what's called a phishing attempt where the hacker gives the user a website or form that the user thinks is the real login page to whatever site they want the password for.

For example, you could send someone an email that says that their bank account password is too weak and needs to be replaced. In your email is a special link that the user clicks to go to a website you made that looks like the bank they use.

When the user clicks the link and finds the page, they enter the email address and password that they've been using because that's what you told them to do in the form (and they think you're from their bank). When they finally enter the data into the form, you get an email that says what their email and password are.

Now, you have full access to their bank account. You could log in as if you were them, see their bank transactions, move money around, and maybe even write online checks to yourself in their name.

The same concept applies to any website that uses a login, like an email provider, credit card company, social media website, etc. If you steal someone's online backup service password, for example, you can now see every file they've backed up, download them to your own computer, read their secret documents, view their pictures, etc.

You can also gain access to someone's account by using the website's "password reset" tool. This tool is meant to be used by the account's owner, but if you know the answers to their secret questions, you can reset their password and then log in to their account with the new password you created.

Yet another method to "hack" someone's account is to simply guess their password.

If it's really easy to guess, then you can get right in without any hesitation and without them even knowing.

How to Protect Your Password From Getting Stolen

As you can see, a hacker could definitely cause some headaches in your life, and all they have to do is fool you into giving out your password. This takes just one email to trick you, and you can suddenly become a victim of identity theft and much more.

The obvious question now is how do you stop someone from stealing your password? The simplest answer is that you need to be aware of what real websites look like so that you know what false ones look like. If you know what to look for, and are suspicious by default each time you enter your password online, it will go a long way in preventing successful phishing attempts.

Each time you get an email about resetting your password, read the email address it's coming from to make sure the domain name is real. It usually says something@websitename.com. For example, support@bank.com would indicate that you're getting the email from Bank.com.

However, hackers can spoof email addresses too. Therefore, when you open a link in an email, check that the web browser resolves the link properly.

If, when you open the link, the supposed "whatever.bank.com" link changes to "somethingelse.org," it's time to exit the page immediately.
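The check described above can also be done in code. The following is an added example, not part of the original article: it reads the host a link really points to and accepts it only if it is the expected domain or one of its subdomains. "bank.com" is the article's placeholder, and the sample links and function names are constructed for illustration.

```javascript
// Added example. "bank.com" is the article's placeholder domain; the links
// below are constructed sample inputs, not real sites.

// Return the host a link actually points to, or null if it is not a valid
// absolute URL.
function actualHost(link) {
  try {
    // The URL parser applies the same rules a browser does, so text before
    // an "@" or after the first "/" is not mistaken for the host.
    return new URL(link).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null;
  }
}

// True only if the host is the expected domain itself or one of its subdomains.
function hostBelongsTo(link, expectedDomain) {
  const host = actualHost(link);
  if (!host) return false;
  const expected = expectedDomain.toLowerCase();
  // Require a "." boundary so "notbank.com" does not pass as "bank.com".
  return host === expected || host.endsWith("." + expected);
}

// Constructed samples: two genuine-looking links and four that only
// mention "bank.com" somewhere other than the real host.
const samples = [
  "https://whatever.bank.com/reset",
  "https://bank.com/login",
  "https://somethingelse.org/bank.com/login",
  "https://bank.com.somethingelse.org/login",
  "https://bank.com@somethingelse.org/login",
  "https://notbank.com/login",
];

// Report, for each link, the real host and whether it belongs to the domain.
function review(links, expectedDomain) {
  return links.map((link) => ({
    link,
    host: actualHost(link),
    trusted: hostBelongsTo(link, expectedDomain),
  }));
}

console.table(review(samples, "bank.com"));
```

Only the first two samples are reported as belonging to bank.com; a simple "does the link contain bank.com" test would have accepted all six.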

If you're ever suspicious, just type the website URL directly into the navigation bar. Open your browser and type "bank.com" if that's where you want to go. There's a good chance you'll enter it correctly and go to the real website and not a fake one.

Another safeguard is to set up two-factor (or 2-step) authentication (if the website supports it) so that each time you log in, you need not only your password but also a code. The code is often sent to the user's phone or email, so a hacker would need not only your password but also access to your email account or phone.

If you think someone might steal your password using the password reset trick mentioned above, either choose more complex questions or simply avoid answering them truthfully to make it nearly impossible for them to guess. For example, if one of the questions is "What town was my first job?", answer it with a password of sorts, such as "topekaKSt0wn," or even something completely unrelated and random like "UJTwUf9e."

Simple passwords need to be changed. It's that easy to understand. If you have a really easy password that anyone could guess and instantly get into your account, it's time to change it. For more information, see How to Make a Strong Password and Examples of Weak and Strong Passwords.

Tip: If you have a really strong, secure password, there's a good chance that even you can't remember it (which is good). Consider storing your passwords in a free password manager so that you don't have to remember all of them.

You Can't Always Be Safe

Unfortunately, there is no 100% foolproof way to always prevent people from gaining access to your online accounts. You can try your best to prevent mimicry attacks, but ultimately, if a website stores your password online, someone could potentially steal it even from the website you're using.

It's best, then, to only store sensitive information, like your credit card or bank details, within online accounts that are hosted by companies you trust. For example, if an odd website that you've never purchased from before is asking for your bank details, you might think twice about it or use something secure, like PayPal or a temporary or reloadable card, to fulfill the payment.