Maybe now is the right time to switch to multi-factor authentication on all your accounts. Well, at least on all accounts that allow this additional security measure. Notice that even with this facility in place, many companies do not have very strict policies on resetting your password on someone's request who claims to be you. How strict should companies be on these requests? Have you tried calling them to find out what they ask you? And checked how easy that information can be obtained by a malicious stranger? I do not have the solution in my hands, but I am very curious about your ideas about this. Sometimes someone will forget his or her password, but how do you combine service with security in these cases? It is hard ...