Whenever a user changes his own password or resets his account (via email or secret question), this action is now publicly logged here for 30 days:
https://bitcointalk.org/seclog.php
Additionally, these same actions will be listed on the person's Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days.
This should make it easier to determine whether an account has been compromised.
Would it be possible to not disclose how a password is reset (email versus secret question)? If this is disclosed, then so is the fact that someone has a secret question, which would make their account more vulnerable to getting hacked. Removing the disclosure of what method was used to reset a password would remove this vulnerability.