I am doing some research into how a password can be hacked. Hacked not in the sense of someone trying to repeatedly guess your password until the correct password is guessed. The case I need to learn more about is how a password can be hacked from memory. I don't wish to hack passwords, only to gain a high level view. Here is my question. .
Suppose you have an "Intranet website" and you have 10 users throughout a company accessing the website. Suppose the users are very security conscious, and do not let others gain physical access to their laptops. Meaning they log into their personal pc with the username and password assigned to each of them. They are protective of their user credentials and do not every let others know them, or find them out by such methods as shoulder surfing.
Is it possible that their passwords can be hacked even if a hacker does not have login access to their PC/laptops? If so, how can that be done? The only thing I can think of is someone with network administration skills somehow gaining access to their PC through the network.