My Accounts Were Hacked in 2015: Why I'll Never Skip 2FA Again

Published: November 17, 2025 | 15 min read | Security Story

In 2015, I learned a hard lesson about account security. Two of my accounts - Skype and GitHub - were compromised, and it changed how I think about online security forever.

This experience didn't just make me a 2FA evangelist. It eventually led to the creation of Authn8, our solution for teams struggling with the very real challenge of securing shared accounts without sacrificing productivity.


What Happened: The 2015 Breach

The Warning I Ignored

Three days before I realized anything was wrong, I received an email from a site called "Have I Been Pwned." I'd never heard of it before - this was 2015, and the service was still relatively new. The email said my credentials had been found in a data breach.

I ignored it. That was mistake number one.

My Security Habits (Or Lack Thereof)

Up until this point, I had terrible security practices:

  • Same password for everything - I used one password across most of my accounts
  • No 2FA anywhere - I didn't even know what two-factor authentication was
  • Never changed passwords - Why would I? Nothing bad had happened... yet

The Breach

When I finally realized something was wrong, two of my accounts had been compromised:

Accounts Compromised

  • Skype - Someone had accessed my account and was using it
  • GitHub - My development account had been breached

The only reason it wasn't worse? My Gmail account had a longer, more secure password that was different from my usual one. Pure luck saved me from a much bigger disaster.


Why I Became a 2FA Convert

The Immediate Action

Right after regaining access to my accounts, I:

  1. Downloaded Google Authenticator
  2. Enabled 2FA on every account that supported it
  3. Started using unique passwords for each service
  4. Actually paid attention to security from that day forward

Understanding What 2FA Actually Does

Here's the simple truth: Passwords alone are broken because they can be leaked in data breaches, people reuse them across sites, they can be guessed or phished, and once stolen, an attacker has full access.

Two-factor authentication adds a second requirement: on top of something you know (your password), you also need something you have (your phone, a security key, a code generator).

Even if an attacker steals your password in a breach, they can't get in without that second factor. If I'd had 2FA enabled in 2015, my accounts would have been safe despite the password leak.


Why We Built Authn8

The Gap in the Market

As I became more involved in security and helping teams implement 2FA, I kept running into the same problem: teams needed to share 2FA codes securely, but there were no good solutions.

  • Password managers could store TOTP codes, but mixed passwords and 2FA in one tool (single point of failure)
  • Consumer authenticator apps (Google Authenticator, Authy) weren't designed for teams
  • Enterprise solutions existed but cost $15-30 per user per month
  • No solution specifically addressed team 2FA code sharing with proper security

There was nothing in the middle - nothing built specifically for teams that just needed to share 2FA codes securely.

Building Authn8

That's why we built Authn8. It's specifically designed to solve the problem of team 2FA management:

Secure Vault

End-to-end encrypted storage, no more screenshots, organized by team or project.

Complete Audit Logs

See who accessed which code and when. Exportable for compliance reviews.

Instant Access Control

Assign codes to specific team members. Revoke access in seconds when someone leaves.

Multi-Platform Support

Web app, iOS and Android apps, automatic sync. Works offline.


Lessons Learned: 10 Years Later

If I could go back and talk to myself before that breach:

  1. Enable 2FA everywhere today - Don't wait until after you get hacked
  2. Use a password manager - Unique passwords for every account
  3. Avoid SMS for 2FA - Use authenticator apps or hardware keys
  4. Save backup codes - And store them somewhere safe offline
  5. Regularly audit your security - Quarterly reviews, not once-a-year
  6. Monitor for breaches - Use services like Have I Been Pwned
  7. Think about teams early - Plan for secure sharing from the start
  8. Don't reuse passwords - Not even variations
  9. Enable login alerts - Know immediately when someone accesses your accounts
  10. Take security seriously before something bad happens - Not after

Conclusion

That Tuesday morning in 2015 when I discovered my accounts had been hacked was one of the worst days of my professional life. The panic, the embarrassment, the days of recovery work - I wouldn't wish it on anyone.

But it taught me something invaluable: Account security isn't optional, and 2FA isn't just a nice-to-have feature - it's essential.

Don't wait for your own 2015 breach moment. Enable 2FA on your accounts today. If you're managing a team, use tools designed for team security, not individual workarounds.

Your future self will thank you. Trust me, I know from experience.

