|
|
|
|
|
|
by jsnell
1639 days ago
|
|
|
What devices are you using the account on? If it's on a desktop browser, my assumption would be that you've got malware. That allows them to trivially steal the session cookies, steal the passwords the next time you log in, steal any device identification cookies that are used to control not using 2FA on logins from trusted devices / sending new device notifcations, and also hijack your recovery and notification email address. If you're only using this via the app from a mobile device, then malware is an unlikely explanation though. (Why are you regularly changing the password anyway? What's the threat model you're trying to guard against?) |
|
|