Suggestion:
1. Seals put up a form or otherwise instruct players to communicate. Email, etc.
2. If you made a deposit with a traditional bitcoin wallet, sign a message from the address(es) you used.
3. SwC should coordinate with affected players who do have their password, but can't login with 2FA using GA.
4. Players prepare as much proof as needed that only you would reasonably know, chat logs, hand histories, etc.
This doesn't stop hackers who have control of your machine, but it's better than nothing.
If you are locked out definitely email us at
admin@sealswithclubs.eu.
None of those methods are solid because like you say, anyone with control of the computer will have them.
Signing is particularly bad because of rouge webwallets and because players often have others deposit direct to their Seals account. And the fact that people using many wallets won't even be able to sign.
In the warnings when activating Google Auth we say that we will remove Google Auth at our discretion. We never remove it with a wait period of less than a week, and 2 weeks is the default in absence of evidence ( evidence beyond control of the email on account). A valid login will cancel the request. This means that if you have Google Auth activated and you check up on your account once a week no one will be able to get in your account without your Google Auth device no matter what.
This recent issue seems to have only affected a few of our players. Only 2 have written so far about losing Google Auth access this way.
