Some people will never learn.
Oh, Ive learned that only 2fa is really secure, until it aint.
So why is it not mandatory, the whole point of this thread.
Of course id like my litecoin back. And I want the fees polo made off my theft back.
However, I am simply arguing for 2fa to be mandatory at polo. The fact that it isn't, when this is a repeat problem effecting several people should leave them open to a lawsuit.
If you lose your phone, the 2FA will make your life hard. If you only keep pennies on Poloniex, it's not worth it.
I did a factory reset for my phone and I kept my exchange accounts without 2FA for some 2-3 days with no 2FA (obviously they were empty too).
When the phone came to a good status, I've re-enabled 2FA everywhere.
Bottom line: there are moments when it's okay to have no 2FA. Making it mandatory would be stupid. It's the user's problem to deal correctly with this.