Originally Posted by
Admiral Ackbar
People should be using 2FA on their Gmail accounts, easy peasy. That and a password manager should remove you from the low hanging fruit category.
This.
If you have access to my Gmail account, you have me completely owned.
But to log into my Gmail, you need that password (randomly generated, quite long, upper/lower/numbers/symbols, rotated every now and then, takes a week to memorize it

) as well as access to my phone.
So no one in Africa is going to be breaking into my Google account.
Aeroplan I trust about as much as my ability to log in at midnight.
But you can be damn sure that if I woke up to an email about a flight booking, I'd be on the phone pretty quickly. Though it could be more fun to wait until T-90 of the first flight.