for junior

1. All accounts no matter what they are should not have two step , I will explain why.
2. Someone can call up and pretend to be you and get you texts forwarded with their sim card,
3. Most companies only ask for last four of ssn or just basic billing info / security question answer.
4. One they get into your texts its over they can compromise anything that has your phone linked and bypass two step easily.
5. The best thing to do is to have a very unique email for each one of your social media accounts ( preferably gmail or hotmail) , I say those two because there is no phone support so it will be nearly impossible for a attacker to gain access unless they know your password. Passwords can be found within database leaks , which may contain you full name , one of your ip addresses, date of birth. email, address, phone, etc. The best way to make sure none of your passwords get found is too make them complicated and have 1 individual password for each site / email / login. Do not write your info on your pc or mobile device, keep it on a seperate piece of paper and tucked into a shelf / case if needed. Of course all companies have flaws like bypassing suspicious activity or even 2step,
6. also remote code execution or a api link endpoint that leaks out personal information about a persons account information.
7. These things you have no control of its the companies job itself to have these issues fixed, that is why several companies now offer rewards to people who find from low to high critical bugs / exploits within their website , so they can become more secured.