You're claiming that your password and PIN were strong, that you never provided it to a phishing site, and that somehow someone cracked both your password and PIN? Then you note that "My Password was strong, but not the kind of strong that you go out of your way to make sure no one could ever force their way past." WHY WASN'T IT? If you have a strong password, no one should be able to guess it. The fact that you mention that you didn't make it strong enough to prevent that is reiterating the fact that this could have been avoided by using a strong password. You should ALWAYS use strong passwords. Why would you ever use a password that you acknowledge is not strong enough to prevent someone from guessing it? Seems pretty counter-intuitive. You complain about there needing "to be a way to recover an account ... so people are not robbed blind" --- if your password and PIN are strong, you will not be "robbed blind" because no one will be able to gain access to your account simply by somehow GUESSING your password AND PIN! I'm sorry that you lost money, but you said it yourself - you didn't protect it well enough because you weren't using a strong password. (or you claim to be using a strong password but "not strong enough" to prevent this type of thing from occurring.)