Chances are you didn't keep your password secure.
(Just because you can't see it on your screen doesn't mean that it's encrypted. If you use the same password somewhere else it may not be encrypted in their database. If you're not using HTTPS, anyone on the path that the TCP packet takes around the Internet can view that password. You should be very careful about the passwords you use.)
Take this TCP Trace... The password I put in was covered by circles on my screen, but sent unecrypted
|
Code:
|
...
Authorization: Basic dGVhbTAyOmE3YTg4YWFh
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
username=dezza&password=myPassword123HTTP/1.1 200 OK
Date: Wed, 07 May 2008 11:53:24 GMT
Server: Apache/2.2.4 (Fedora)
... |