As I see that hacking an account typically involves obtaining someone's account password, I'm reminded that almost all websites out there have a password lost feature which allows to send you either a new password, or equivalently the right to save a new password, usually using the same vehicle (your computer), by far the most egregious scenario, or a 2nd factor vehicle such as SMS. This feature is useful, I understand. If you lose your password, you're glad this feature is at your disposal. But should it ? Is it the best we can do to protect your account ? Or should we perhaps defer on you to make sure to never lose your password and avoid this password lost feature in the first place ? Why you ask !! because if your socially hacked, your hacker will simply use this feature to obtain a password, then own your account, and from there you don't know what happens. In a nutshell, this feature is nice, but it should not be available anymore. Don't reward account hackers! ASAP.