Security techniques are getting better and better. Account recovery is one example of this. Previously, we had people answer their security questions (whose answers might be well known to other people) and then gave them their password: How To Hack A Celebrity: Miley Cyrus Is An Idiot Edition
If you set up a second e-mail address and your phone number, you now need access to those in order to recover your account. Of course, you should provide this information to your service providers. Otherwise, like Miley Cyrus, you can be easily hacked. (Of course, she should have provided a fake answer that only she knew.)
Most online banking websites in the US have now started to use dual authentication. They ask for your username and password, but also for a security code that they send to your mobile phone. This is much better than using only password-based authentication.
Besides these improvements in security, we have to come up with a new and better way to authenticate. People forget. That’s the reason they use the same password for several sites. You cannot just say “don’t use it.” They will use it. You cannot just say “use one-password or its variants.” As a security community, it is our responsibility to take a better approach, and this approach should bring more security as well as ease of use for regular users.