How Are Passwords Commonly Compromised?

When they are shared with others, or stored in an easily discoverable way – a commonly seen example is a computer login password written on a post-it note, and then stuck onto the same computer or nearby.
When someone witnesses a password being entered on your screen and writes it down, or remembers it.
Using an email client without SSL session-wide, only at the login page leaves passwords and other information vulnerable as they are visible by anyone with access to the connection after logging in.

A device is physically accessed, and passwords are obtained through “Save My Password” or “Remember Me” settings saved on websites via a browser – this is especially possible if full-disk encryption isn’t used on a device.
Malware, such as a keylogger which can document every keystroke on a device and send it to a waiting third-party, can reveal not just passwords but potentially a great deal more personal or sensitive information.