Edit: LoyceV, I will give some thought to your suggestion on the matter of the paper wallet. However, I believe that a forum such as bitcointalk should offer its members some sort of extra protection.
A staked address is a very easy method to offer this protection, although I do agree account recovery often takes too long.
Also asking the user for confirmation before doing a critical change to the account should be mandatory.
That means at least sending a mail with a confirmation code. That's minimum security, any site has such an option implemented.
I've had most of my forum accounts longer than most of my phone numbers and email addresses, and this forum account has already outlived at least 2 of my phones (although not my phone number). I consider losing my phone much more likely than losing access to my account, and in that case it will only lead to more support requests.