[j4tech]

1. My new Asus RT AX86U had Merlin installed on it. I disconnected this router after I started getting security alerts and switched to using the router provided by my Service provider.

2. I use firefox with cookie cleaner add-on that clears cookies the second I close the tab.

3. I have a paper copy of the account details and I am 100% sure of my recovery email. I got a Yubi key recently and plan to use that and authenticators on all my accounts.

[davidmitchell2]

2. Instead of that use separate firefox profiles - one exclusively of Gmail. Another for casual browsing. If you clear cookies all the time then it seems like you are logging in so many times per day. This could be a warning sign of hacked account - for google. (i.e) do not do unusual things.

3. At the end U2F is the proper solution, albeit late!

[j4tech]

Good point @davidmitchell2. I will do that.

[davidmitchell2]

I therefore have one for facebook, slack and so on (i.e) for every major company when I login. Then one is for just browsing.