Never ever use SMS verification. If you linked any account with your phone number, they can do a SIM swap attack and password reset your account, which is game over.
It's so shocking to me that this person is breathing a metaphorical sigh of relief already. If someone got into my E-mail, it would pretty much be game over. I would have to spend weeks (if not months or years) dealing with the potential fallout.
Also, aside from the regular problems that come from such a compromise, attackers can also begin sending E-mails from your address - in perpetuity - if they set up a Gmail alias.
They probably didn’t; they probably just reset the password by authenticating using the phone. Using SMS as a second form of authentication is a really bad idea, and password resets of all kinds are usually the weakest point in your account security.
See, that's the real problem though. If you can reset your password via SMS, then SMS isn't a second factor, it's a single factor. And it's a far less secure single factor than a strong and unique password!
Absolutely! You should definitely check how your email provider handles password resets before you make your decision about what email provider to use.
Never ever use SMS verification. If you linked any account with your phone number, they can do a SIM swap attack and password reset your account, which is game over.
[0] https://news.ycombinator.com/item?id=26145985
[1] https://news.ycombinator.com/item?id=25762179