2. all encryption can be broken with enough time AFAIK
Except the one time pad.
thats not encryption, thats 2 factor verification, and it too is easily defeated
man in the middle attack
how do you handle it when you "lose" your security token?
phishing