Device Accounts





There are various ways an attacker can retrieve passwords. Here are some of them, so you can recognize the methods and check yourself against them.


  • Retrieving passwords (paying attention to links in various messages)
  • Unique passwords (not re-using them)
  • Check against a database of hacked cloud services, to see if your account is listed.


What should you pay attention to?


  • A password does not necessarily need to change if no one knows it.

  • Keep them unique - do not re-use them.

    • Use a password manager (next article here)

  • Phishing messages (where you are asked to login with your credentials)

  • Shoulder surfing

    • Someone watching over your shoulder and paying attention to what you're typing in.

      • Ask in a friendly way for some privacy! Explain if necessary.

      • Turn away from the person or ask them to leave because of privacy concerns.

    • This is the major reason you should enable 2FA/MFA. Don't offer the opportunity! (2fa article here)

  • Taking over your computer (not patched, article here)

    • Reading your password.txt or password.xls file

  • Guessing a simple password: a brute-force dictionary attack based on your family's / children's / grandparents' / dog's / kitten's / street name.
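
The two checks above that you can run on yourself (re-used passwords, and passwords built from a family, pet or street name), as an added example that is not part of the original article. It assumes a password-manager export with the columns `site`, `username` and `password`; the sample data, the list of personal terms and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (assumed columns: site,username,password); not real credentials.
SAMPLE_EXPORT = """site,username,password
mail.example,anna,Bello2019!
shop.example,anna,Bello2019!
bank.example,anna,x7#Lq9vTz2!mWp
forum.example,anna,oakstreet12
"""

# Constructed personal terms: the names a guesser would try first (pet, street, first name).
PERSONAL_TERMS = ["Bello", "Oak Street", "Anna"]

# Common character swaps (0->o, 1->i, 3->e, ...) that do not make a name harder to guess.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(text):
    """Lowercase, undo common character swaps and keep letters only."""
    folded = text.lower().translate(LEET)
    return "".join(ch for ch in folded if ch.isalpha())


def audit(export_text, personal_terms):
    """Return (reused, guessable).

    reused:    list of site groups that share one password
    guessable: {site: [personal terms found inside that site's password]}
    """
    terms = [t for t in map(normalize, personal_terms) if len(t) >= 3]
    by_password = defaultdict(list)
    guessable = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["site"])
        hits = [t for t in terms if t in normalize(row["password"])]
        if hits:
            guessable[row["site"]] = hits
    reused = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return reused, guessable


if __name__ == "__main__":
    reused, guessable = audit(SAMPLE_EXPORT, PERSONAL_TERMS)
    print("Re-used across sites:", reused)
    print("Built from personal terms:", guessable)
```

Delete the export file after running the check; a plain-text export is the same risk as the password.txt file mentioned above.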



A well-known site by Troy Hunt, the founder of Have I Been Pwned, for checking against his collection of databases of hacked accounts is:

If your e-mail account is listed on this website for certain services, you should immediately change the password you used there on every account that uses that same password!

It's a free ticket to your account. Be smart, change it and do not re-use it ever again!