Cracking is where a program or script is used to run through a list of words, numbers, and/or symbols in an attempt to find your password. This is done by sending repeated login attempts using the victims username and the current entry from the list. Most big companies, such as Yahoo and Hotmail, have safe guards in place to prevent this sort of thing. Try logging into Yahoo using the wrong password and you will find your account locked after the third attempt.
Hacking is where the person tries to access a machine, be it yours or, for the sake of this page, Yahoo's in an attempt to get the password. The term hacking covers more than just this but for the purpose of this page that is the part that concerns us. Once again big companies such as Yahoo! and Hotmail are not that easy to "hack" and so most so called hackers will target individual machines, ie YOUR computer. This is usually done with a trojan. A trojan is a program that is disguised as something else ( hence the term trojan from Trojan Horse) and once run can give the attacker full access and control over your pc. This is easy to protect against with three things:
Right so lets discuss the fake login pages then since thats what this page is about. Most fake logins are easy to spot, just look at the URL, thats the http:// bit you get in the address bar. If it's a real Yahoo! login page the url will start with http:// or https:// and then it could be anyy or none of the following, login.yahoo.com, mail.yahoo.com, edit.yahoo.com. So the start of the address could be http://login.yahoo.com. There are to many variations for me to list here but all you have to check is that the bit after the :// and before the next / says yahoo then a domain such as .com, .co.uk, .co.jp, .ca, .co.kr, etc. As I said most fake logins use a free host such as geocities so the URL will say www.geocities.com or www.angelfire.com and not yahoo.
Now some of these fake logins are getting clever. They use a url like http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/. Now the start of this url looks correct but what they are doing is using the @ symbol. The @ symbol is used when a site reuires a username and is used as http://USERNAME:PASSWORD@www.realsite.com. the part before the @ will be ignored by most servers and they use this fact to disguise the real URL from you. If you come across a fake login page report it to the sites host and it will usually be removed within 24 hours.
I must add at this point that a recent Internet Explorer patch removed support for http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/ style urls which while being a good thing regarding fake logins has caused problems for many companies that use this type of url to log you in.
For more information on this subject try this page:
http://www.helpbytes.co.uk/fake_login.php
A good page on choosing and remembering passwords is http://wiki.ehow.com/Remember-Your-Password