Some time ago I had a sign in attempt with password on my Google account. Inputting the password on the Boox was one of my theories as to how it was stolen. I've since made a dedicated account for the device, and the sign-in is now done via a one time token so that risk is mitigated.