Is changing passwords for a hacked webservice a guaranteed way to reclaim a user’s account?
No. Resetting the password on its own gives your control over the account again, but the hacker could have already noted down your additional security information (date of birth etc and security questions), and may well pretend to have "forgotten the password" and regain access to it again.
The information could also be used to help gain access to other accounts, so hacking one account is really just the start of a long journey... If you want to truly protect your account, you should:
Thanks. Please tell , whether two factor authentication is page specific or can be done for any registered page. If for any page, is authentication same for every page?
Two factor authentication can only be performed on those sites that support it and not all sites do. The second factor is frequently a code that is sent vis SMS to your mobile phone. it is unique to that particular site at that particular time for that particular user. Codes expire immediately after their use or after a predetermined amount of time (normally 10 minutes or less), whichever happens first.
Is it true that delay in resetting increases chances of user information hacked?
The only thing that guarantees is that the password is changed. You still don't know what information the hacker(s) got.