Adding 2FA to create Secure Mail Key with AT&T Profile

To add emphasis to loon15's post:

It's actually happened to me a least 6 - 8 times. I am on a brand new PC and it still happens. It's happening from within the organization for sure. Simple fix. 

2FA to create secure mail key

You can add one to my count for a running total of 3 times for me... and if you're keeping track of other stats, I've now changed my email password 4 times and have a completely separate account set up for these forums. I almost never click on links in emails and have made a point not to do so in any message sent to my @att.net account since the 2nd password reset/2nd mail key was added to my account without my permission.

I haven't been phished, guys. Y'all have a problem.

3 times had a new security key added in the last 36 hours.  I only use Outlook for email. Thankfully I have been getting the notifications, so able to delete them - but I have had this email a LONG time, and have a lot of stuff tied to it.

There must be a security hole on the AT&T side with some of these old domains (mine is a "sbcglobal.net" addy), and hopefully through all of our complaints on what seems to be a (relatively) new situation they can find a resolution.

I sure hope so Rick. I have had my bellsouth.net email address for 20+ years. It is a pain in the butt to switch everything.  I am currently moving to an outlook.com email address which still uses secure mail keys but at least it has 2FA.

If you are still holding out hope that AT&T is gonna fix this you are fooling yourself. No amount of threads in this forum can make them care. That's obvious from the dismissive replies and the way they're basically ignoring us. Do yourself a favor and move your most sensitive accounts ASAP. If you want to leave your walmart or reddit accounts on at&t email a bit longer in hopes of not having to migrate, go ahead and gamble with those. But not your bank, credit card, any government accounts, etc.

I've had a secure mail key continously added to my account for the last year.  It's always at random times and they are doing it without altering my password. Also they never log into my account to add it, because it doesn't show on the login history page.  
So somehow people are able to randomly generate keys until it connects?  Or there is a security breach in your system.  Or it's a rogue employee putting these keys on people's accounts.  Please address this @ATTHelp @ATTHelpForums @ATTHelpFeedback

I don't want to give anyone false hope... BUT - I have not had a security issue for the last 4 days by way of not only redoing my password, BUT I also deleting ALL Security Keys (including this active one that I CREATED)... by way of erasing ALL of the Keys then reissuing a new one for my Outlook mail application, I have not had a breach....  Sure, it's just a matter of time I'm betting; but trying to share with this small group to see if anyone else has erased ALL Secure Keys and started from scratch?  If not, maybe someone can give it a try like I have, with perhaps favorable results.  Invisible - you are ultimately correct, this is free old and they could care less, but it would be ideal if this can be figured out.

FWIW - I did the same thing as Rickp703 the last time my account was attacked.  New password, deleted all secure keys (both legit and not legit).  Created new secure keys.  My accounts has been good so far (several weeks).

I don't have a lot of confidence that this solution with stick.  But it would be good for more people to try it and report on their results.