2-factor authentication is a great step to protect yourself and your information. But, with that said, there is more to making it successful than simply turning it on and using it. As an example, when we get new employees, part of the information security training is to completely hack them into oblivion. The IT crew gets their Facebook profile loaded up and determines their email address. If they are super public with their posts and information, most of the time, they can set up a combination of password reset requests for the 2 accounts; use the information provided on social media to verify the identity of the email account. Gain access to the email, use it to gain access to the social media account. Find out if they have more accounts, gain access to them; either they used the same sign-in info on all of them, or they can use the current email to reset the passwords and gain access. This is done during orientation with HR, and they get talked to about it after that meeting. Point being, if you are going to use 2FA, please make sure to manage all of your public accounts properly. Restrict the ability to find your account, or display your postings and information publically. Don't use the same password for multiple accounts, and don't use simple combinations of letters and numbers. Dictionary attacks are great at breaking those. Make sure that you don't base security information off of things you like or are socially involved in; if you are a golfer, make sure to never use a golf term in your passwords, as an example. Never include birth date information, SSN or drivers license information, student ID, address, or other coincidental identifiers in usernames or passwords. And be aware of social engineering techniques, as these can be incredibly successful and difficult to detect if you're not on guard for them. My thanks, Nike, for bringing this issue up. Hopefully, you can help save some people a lot of hardships by doing so.