We all know the limitations of strong passwords, or of reusing passwords, but the most common ways passwords are stolen are the simplest, and the least technical. This video from The Media Show explains how those methods work and what you can do about it (using puppets, too). If you don't have time to (or can't) watch the video, the video walks through a few common scenarios where someone could easily get your password either by simply eavesdropping, social engineering, shoulder surfing or taking advantage of someone who leaves their password lying around, reusing the same password everywhere or even performing a man-in-the-middle attack where they get someone else to obtain useful information and then use it. They even try a dictionary attack — another super low-tech method that's easy to defend against, but too many systems and services don't guard against it.
Best of all, while all of the password stealing examples in the video are in the context of someone trying to get into a club without being on the guest list, they're all applicable to computers and internet technology too — no coding or "hacking" required. To protect yourself, the usual rules apply: Use strong and complex passwords, don't use the same password everywhere, don't litter your passwords with dictionary words or important dates that are easily guessed and don't share your passwords with anyone. We'd add in using a password manager, but if you take anything away, the basics are what are important.
Hit play on the video to see the whole thing — it's fun, and funny, and something you can send around to friends or family who aren't tech-inclined.