Hi, I checked the account history quickly, and saw the hack had nothing to do with your account email. The attacker used the reset password function and got the right reset key right after, which he used to change your password. Therefore here are my questions for you:
- Was your email password strong too?
- Are you sure you NEVER logged into your email from any other place than your home, on a safe computer (i.e. never used that email from a mobile device, for example)?
MagicalTux, so if you make the account read-only for 1 week after such an event and display a notice about that having happened in big letters after login, then the risk of such a theft happening again is much lower. You can make this an option at account creation and even let the user specify the read-only time.
We'll start with something more simple, the "security question" on password reset. This should help a lot.
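A sketch of the read-only period proposed earlier in the thread, added here as an example and not the site's own code. The action names, the 1 to 30 day bounds and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_LOCK = timedelta(days=7)   # the "1 week" suggested in the thread
MIN_LOCK = timedelta(days=1)       # assumed floor: the option cannot be set to zero
MAX_LOCK = timedelta(days=30)      # assumed ceiling
READ_ACTIONS = {"view_balance", "view_history"}  # hypothetical action names


@dataclass
class Account:
    name: str
    lock_period: timedelta = DEFAULT_LOCK
    read_only_until: Optional[datetime] = None


def choose_lock_period(days: int) -> timedelta:
    """Clamp the read-only time the user picks at account creation."""
    return min(max(timedelta(days=days), MIN_LOCK), MAX_LOCK)


def on_password_reset(acct: Account, now: datetime) -> None:
    """Start the read-only window; a later reset can extend it, never shorten it."""
    until = now + acct.lock_period
    if acct.read_only_until is None or until > acct.read_only_until:
        acct.read_only_until = until


def is_read_only(acct: Account, now: datetime) -> bool:
    return acct.read_only_until is not None and now < acct.read_only_until


def authorize(acct: Account, action: str, now: datetime) -> bool:
    """Deny by default: anything not a known read (withdrawals, trades,
    changing the lock period itself) is refused during the window."""
    return action in READ_ACTIONS or not is_read_only(acct, now)


def login_notice(acct: Account, now: datetime) -> Optional[str]:
    """The 'big letters' banner shown after login while the window is open."""
    if not is_read_only(acct, now):
        return None
    return ("YOUR PASSWORD WAS RESET. THIS ACCOUNT IS READ-ONLY UNTIL "
            f"{acct.read_only_until:%Y-%m-%d %H:%M}.")
```

Because settings changes are also refused while the window is open, someone who has just taken over the account through a reset cannot shorten the lock period to get around it.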