I am not sure where something like this should go, but I have an issue with the one-time password authentication.

I believe this to be beneficial in theory, but there are some improvements that are needed to adequately "protect" an account holder. The fact that all you need to effectively lock someone out of their account is an account name/password is an issue that needs to be addressed. There has to be some sort of checks and balances system in play when signing up for the "one-time password" setting. There is not an email that is sent to the account holder outside of one notifying that this setting has been applied. There is not an email sent that says, "if you did not do this, please follow this link to reset...." etc. It is just an automatic setting that is done, and there is no way to combat someone from taking over your account and locking you out if they have somehow hacked your username/password.

Someone I know - and who has had an account for YEARS - has had their account stolen from them so easily that it is distressing. This should have been prevented. There should be some sort of warning or work around when a setting like this has been applied. As with some other websites, a notification is sent asking if a password has been intentionally changed and if not, one can take corrective action. But with this one-time password setting, this is nigh impossible. All the time he has put into this game has effectively been ripped away because there isn't a system in play to stop a hacker from doing this. Please incorporate something into the one-time password setting to prevent this horrible situation from happening. This is upsetting and distressing to both him and myself, and something that should be preventable.

Thank you.