I came to this realization after having my origin account compromised, banned for hacking, and my Apex Legends coins spent by the person. I have zero details of whether they utilized Origin, a Console, or some other means to login and access the account, and of course, there are no refunds when it comes to transactions of Apex coins. Please pardon my whining about $10 worth of Apex coins because the principle here is much bigger than that.
There is absolutely NO good reason that in order to receive a warning about a suspicious login on my EA account, I will have had to have previously gone to EA.com and first set up Login Verification.
As far as I am concerned, if someone has spent money within Origin or any EA game, EA should be reminding them that their account is completely unsecured without Login Verification enabled.
What's crazy is that I searched my email inbox and found that in 2019 I received a legitimate "new sign-in on PC" email from EA. If this worked in the past, why didn't I receive anything like this when someone probably in a different country got onto my Apex account? My guess is that they somehow bypassed Origin entirely but I will never know for sure because I received no warnings and apparently didn't have login verification enabled.
TLDR: Login verification should be required or, at the least, heavily encouraged (via email reminders/pop ups within Origin) for all customers. This would probably also prevent a lot of cases and headaches from being created.
