It is popular today for frameworks and social sites to enable multiple authorization options when creating websites. For example, allowing a user to login with GitHub, Twitter, Facebook, etc. In addition, identity verification using mobile verification codes is also becoming more common.
Enabling these features seems to bring an added security risk, if not handled appropriately. For example, when changing a password - users are asked to either provide their past password or reset the password via email - even if the user is currently logged in or authenticated. However, there are cases where a similar manner of identity verification is not enforced prior to adding connected accounts/logins.
What are recommended strategies or best practices for adding or modifying additional authorization/login options while following proper precautions?