That's a great article. I thought I was pretty secure with the two-factor authentification. But with the 'socialing' technique it looks quite easy to break. To me, the best advice is to give bogus answers to security questions. That leaves very little chance to pass through the password resetting process.