Quote:
Originally Posted by rakeme
However, when I went to reset my password all that it did was send a password to my alternate email address and I simply clicked the link in the email and typed in a new password without having to receive a text message to verify.
So if I ever had a keylogger installed, all they would need to do is hack my alternate email.
Let's say someone was able to create a new password for you, as you describe above. Wouldn't this be insufficient to gain access to your account, since there is a second step of verification, the pass code?
Were you resetting your password on a device that you set up as "trusted?"
This could explain why there was no second-step of verification.