Explore the anatomy of account takeovers in this 17-minute conference talk from USENIX Enigma 2018. Delve into the ecosystem supporting credential theft, the dangers posed to users, and the importance of automatic, defense-in-depth risk detection systems. Learn about the likelihood of users falling victim to data breaches, phishing, or malware, and how hijackers exploit stolen credentials. Examine how identity providers can use risk analysis and login challenges to enhance security for password-only users. Discover the practical weaknesses of certain login challenges and the evolving tactics of attackers. Gain insights into ongoing challenges, including the disconnect between public opinion and necessary security measures, and discuss potential industry solutions to improve overall account security.