Quote Originally Posted by ShannaraAK
The "token is safer" myth is just that. A myth. You will get hacked with and without it. As my account has.
You aren't getting hacked without doing something wrong.

If you don't have a token and you get hacked - without having a virus, keylogger, or other malware on your computer - it was because you used the same username and password on your SE account as you did on another account/forum/etc., and THAT was compromised, therefore your SE account got compromised. In this situation, you were hacked because you used poor judgement and used the same password on multiple sites (or alternatively used an incredibly simple password that was easily cracked). In this situation, it was your fault for using duplicate information.

In the case that you got hacked using a token, you had a piece of malware on your computer that interrupted your session, stole the one-time password, and then the hacker used it to log in and strip your account/use it to RMT/change your password/etc. In this situation it was your fault for having malware on your computer.

Both situations are the fault of the user.

Unless, of course, you would like to propose that someone stole the kernel to all the Digipass one-time passwords (like happened to RSA when China broke into Lockheed-Martin last year) and as a result have the ability to replicate your one-time password.

Of course, they would still have to know which of the (hundreds of thousands? millions?) of one-time password kernels are yours.
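The three scenarios in the post above (a code lifted by malware during your session, a stolen seed database, and the remaining problem of working out which seed is yours) can all be shown with the open HOTP/TOTP algorithms (RFC 4226 / RFC 6238). The code below is an added illustration written for this page; it is not the author's, Digipass's or RSA's implementation, and the vendor's proprietary scheme may differ in detail. The seed values, token ids, timestamps, the 30-second step and the one-step server tolerance window are all assumptions constructed for the example. The post's "kernel" corresponds to the per-token seed here.

```python
"""Added example: how an OTP code is derived from a token's seed, why a stolen
code is only useful inside its validity window, and why a stolen seed database
lets an attacker replicate codes once they learn which seed is yours.

Illustration code written for this page, not the vendor's (Digipass or RSA)
implementation. Uses the open HOTP/TOTP algorithms (RFC 4226 / RFC 6238); the
seed values, token ids, timestamps and scenarios below are constructed.
"""
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step (assumption: standard TOTP step)
DIGITS = 6
WINDOW = 1     # server also accepts the previous/next step (assumption)


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed: bytes, at_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(seed, at_time // step, digits)


def server_verify(seed: bytes, code: str, now: int, window: int = WINDOW, step: int = STEP) -> bool:
    """What a login server does: accept the code for the current step +/- window steps."""
    current = now // step
    return any(hmac.compare_digest(hotp(seed, current + d), code)
               for d in range(-window, window + 1))


def replay_stolen_code(seed: bytes, stolen_code: str, submit_time: int) -> bool:
    """Malware-on-the-PC scenario: the code was captured from the user's session and
    the attacker submits it at submit_time. It only works while the server still
    accepts that time step, so the attacker has to be fast (or automated)."""
    return server_verify(seed, stolen_code, submit_time)


def build_seed_db(n: int) -> dict:
    """Constructed stand-in for a token vendor's seed database. token-0001 uses the
    RFC 4226/6238 reference seed so its codes can be checked against the RFC vectors."""
    db = {"token-0001": b"12345678901234567890"}
    for i in range(2, n + 1):
        db[f"token-{i:04d}"] = hashlib.sha1(f"constructed-seed-{i}".encode()).digest()
    return db


def match_seed(seed_db: dict, observations: list) -> list:
    """Stolen-seed-database scenario: the attacker holds every seed but still has to
    find which one is yours. Each observed (time, code) pair keeps only the seeds that
    would have produced that code at that time; a 6-digit code keeps a wrong seed with
    probability about 1 in a million, so one or two observed logins single out a token."""
    candidates = set(seed_db)
    for at_time, code in observations:
        candidates = {tid for tid in candidates if totp(seed_db[tid], at_time) == code}
    return sorted(candidates)


if __name__ == "__main__":
    db = build_seed_db(1000)
    your_seed = db["token-0001"]
    t = 59  # constructed login time (unix seconds)

    # Your token and anyone holding the same seed compute the same code.
    print("code at t=59:", totp(your_seed, t))

    # A code stolen mid-session is usable until the server's window closes, then dead.
    stolen = totp(your_seed, t)
    print("replay 16s later:", replay_stolen_code(your_seed, stolen, t + 16))
    print("replay 2 min later:", replay_stolen_code(your_seed, stolen, t + 120))

    # With the whole seed database, two observed codes are enough to pick out your token.
    seen = [(t, totp(your_seed, t)), (t + 90, totp(your_seed, t + 90))]
    print("matching seeds:", match_seed(db, seen))
```

Two things worth noting from running it: the replay succeeds 16 seconds after capture and fails two minutes later, which is exactly why a keylogger or session-hijacking trojan defeats a token only when the attacker uses the code immediately; and with the seed database in hand, observing one or two of your codes (for example by phishing a login) is all it takes to find your seed among a million, so the "which kernel is yours" problem is real but small once the attacker can also see your traffic.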