perhaps it should not be so easy to reset a password on mtgox then?
perhaps it should be more painful for those who forget their passwords and have to wait
for a call from a mtgox employee who will then quiz them about details of their account?
Come on, there's only so much mtgox can do.
If someone breaks into your primary email address they've got you.
Here we have a mtgox user who got owned due to a process on mtgox that made it easy for the attacker
to do so via a password reset while having access to the user's email account.
It strikes me as very beneficial for mtgox to close this hole.
The yubikey was a good suggestion but it is optional. If kept optional many users will fail to get one.
Thus make resetting a password via email harder is an option. Or make yubikey mandatory in 30 days.
Doing any step to close this issue for future OPs would be a move in the right direction and lead the way for exchanges
to follow suit. MTGOX can be the leader...