"First, security is like a chain - it's only as strong
as the weakest link. Even with a secure computer that is connecting
to a secure web site using a secure network connection a weak
password pretty much defeats the security. There are three ways
intruders can get your password without your direct assistance. By
"direct assistance" I mean you telling them (in other words, lying
still works) or by writing it on a sticky note and pasting it on
your computer where everyone in the room or those looking through a
window can see it. The remote methods include installing spyware on
your computer or the web server you are connecting to, guessing
your password based on what they know about you (pet names, phone
numbers, favorite foods, favorite cars, etc.), or using another
computer to try every possible password (called a brute force
attack).
"The last one is often used with a method known as a dictionary
attack which uses dictionaries of known words to check against.
This works faster because most passwords are words instead of
random characters since they are easier to remember. There are
dictionaries for every language. There are also dictionaries for
special categories like scientific fields, entertainment, or
industries. For example, a biology dictionary may contain
scientific names of plants, animals, and fungi. An attacker could
include it if they knew you were a biologist in case you used the
name of a bacterium for part of your password."
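The quoted text describes two attack strategies (exhaustive brute force and dictionary attacks, including category-specific dictionaries) from the attacker's side. The following is an added example, not part of the quoted passage, showing the same ideas from the defender's side: a password check that rejects passwords containing dictionary words (after undoing common letter-for-digit substitutions, which attackers also undo) and otherwise estimates the brute-force search space. The word lists, the substitution table, and the 60-bit acceptance threshold are all constructed assumptions for illustration; a real deployment would load full general and category dictionaries.

```python
"""Defender-side password check illustrating dictionary and brute-force weakness.

Added example; the word lists, substitution rules and threshold are
constructed here for illustration and are not from any real policy.
"""
import math
import string

# Constructed sample dictionaries: a general word list and a "special
# category" list (biology), standing in for the full lists an attacker uses.
GENERAL_WORDS = {"password", "welcome", "summer", "dragon", "monkey"}
BIOLOGY_WORDS = {"escherichia", "coli", "bacillus", "salmonella"}
DICTIONARIES = {"general": GENERAL_WORDS, "biology": BIOLOGY_WORDS}

# Common substitutions people use to "disguise" a word (assumed table).
# Attack tools apply the same rules, so the checker must undo them first.
LEET_MAP = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)

ACCEPT_BITS = 60.0  # assumed minimum brute-force search space, in bits


def normalize(password: str) -> str:
    """Lower-case the password and undo letter-for-symbol substitutions."""
    return password.lower().translate(LEET_MAP)


def dictionary_hits(password: str, min_len: int = 4) -> list:
    """Return sorted (category, word) pairs for dictionary words found as
    substrings of the normalized password. Words shorter than min_len are
    ignored to avoid noise from tiny matches."""
    norm = normalize(password)
    hits = []
    for category, words in DICTIONARIES.items():
        for word in words:
            if len(word) >= min_len and word in norm:
                hits.append((category, word))
    return sorted(hits)


def brute_force_bits(password: str) -> float:
    """Estimate the size of a pure brute-force search space in bits, from the
    character classes actually present and the password length. This is an
    upper bound: it assumes the attacker knows nothing about the password."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII punctuation characters
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def assess(password: str) -> dict:
    """Combine both checks. A dictionary hit is rejected outright, because
    a dictionary attack would find it regardless of the brute-force estimate."""
    hits = dictionary_hits(password)
    bits = brute_force_bits(password)
    if hits:
        verdict = "reject: contains dictionary word(s)"
    elif bits < ACCEPT_BITS:
        verdict = "reject: brute-force search space too small"
    else:
        verdict = "accept"
    return {"bits": round(bits, 1), "hits": hits, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample inputs exercising each path.
    for candidate in ["P@$$w0rd!", "Ec0li2024", "abcdefg1", "xK9#vQ2!mZ"]:
        print(candidate, "->", assess(candidate))
```

The substitution step is the important design choice: "P@$$w0rd!" looks like it mixes four character classes, so a naive entropy estimate would rate it well, but after normalization it is simply "password" and a dictionary attack finds it immediately. Likewise "Ec0li2024" only fails because a category dictionary (here, biology) is consulted, which is exactly the scenario the quoted passage describes.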