>But the fact remains that 99.5% of the people who suddenly switch their login traffic from US to Romania or whatever have been hacked
Why wouldn't a 2-factor or a recovery email sent to another address be enough to refute this?
If you can hack someone's device, it's not that much more difficult to tunnel the connection through a residential VPN. If you can't hack their device, then you can't get 2-factor codes or access their other accounts.
Why wouldn't a 2-factor or a recovery email sent to another address be enough to refute this?
If you can hack someone's device, it's not that much more difficult to tunnel the connection through a residential VPN. If you can't hack their device, then you can't get 2-factor codes or access their other accounts.