It's sort of odd that the list of precautions omitted the most obvious one: don't link online accounts to your phone number if that account can be reset with access to that phone number. Yeah, using a password manager is great, but not if it can be trivially bypassed. The phone companies should not be expected to be some sort of security gateway service.