Multi-factor Authentication FAQ - Password security
Although it may be frightening to hear, it has probably happened already. Given the scope of recent breaches of popular services such as Dropbox, Chegg, Experian, Target, Adobe, and more, everyone should assume that their password has been stolen at some point. Although it was probably encrypted, thieves may have attempted to break the encryption. If you didn't use a strong password, they have probably already cracked it.
In addition to being caught in data breaches, passwords can be stolen many other ways. For example, through phishing scams or by simply writing it on a piece of paper to be found on a desk, in a wallet, or in the dumpster. Passwords can be intercepted when using unsecured Wi-Fi networks at the coffee shop, airport, or hotel. It is even possible to unknowingly have malware installed on your laptop that could be recording activity and sending it to thieves online. Given these possibilities – and many more – you should always be on the defensive, making sure to follow proper security precautions to protect your accounts.
Article Id #23510