So, in this case, if an SMS code would have been required to login from another device that the perpetrator used to access the information with the information gained, he would have been stumped as the phone would still be in possession of the employee.  

It would also have indicated to the employee that someone is trying to access their account remotely and without her authorisation. In this case, they could have changed their password and regained control of the account without any information lost.  


Multiple layers help us with our fallibility since they require multiple actions, multiple points of thought and multiple occasions to see issues that might be unclear when we only have one level of security. Once the password is out there, there’s no getting it back so if no additional steps are required, the account is compromised.  

With multiple steps, we have a window of opportunity as long as the second step is in place to think back if that email might have been suspicious or if the information we provided may lead to harm. So, whenever available, turn on 2FA and ask for it from your employer or service provider and demand it from yourself.

Read more about other security breaches