Once your username and password are known to a snooper, they can access your precious bitcoins, whether the credentials are for an online exchange account, an online wallet, your mobile wallet or your PC wallet. If your PC or mobile is connected to the internet, an attacker can access it using security vulnerabilities specific to the device’s OS.

If, like most people, you use a password formula for various logins then you should consider strengthening your passphrase scheme (formula) to generate more secure passwords. Often, the theft of one of your password can reveal all of your other login passwords, because they are variations of a formula. Botnets exist to decypher and extrapolate these formulaic passwords.

A standard Bitcoin transaction requires your private key to unlock its bitcoin outputs. If a third party obtains one or more of your private keys (stored in your wallet) then, he can transact any coins previously received by that public-private key pair. Such a transaction doesn’t have to be made using your wallet – it can be initiated on any device and from anywhere. This is a design feature of Bitcoin which allows, amongst other things, the ability to import and export addresses between wallets.

The following infographic can explain more about it: