Do they think their customers are stupid and will forget the incident?
For people like me who basically can't make my own decisions properly, where should I switch to? Is DigitalOcean better in this regard?
Two factor auth addresses the user password as being a weak link, and this is a nice step
Oh and btw, yes, the private keys were on the server, with a passphrase