There are many ways, some more simple than you think.
-There are unumerable code breaking programs that \"brute force\" their way into your account.
-Various tricks with the encription and things like that (obviously more complex)
-Dummy login screens, where a duplicate of the login screen is made, and changed so that when you hit enter, the information they typed gets forwarded to an email address of your choice.
-Remote login programs, I can recall one not long ago, but it was rumbled and the hole plugged.
Bookmarks