RE: Steemit Releases Groundbreaking Account Recovery Solution
In information security speak what Dan is talking about is incident response and disaster recovery. As long as the system you build has an ability to "self heal", which means to recover from attacks and develop immunity to future attacks which use the same methods, then you'll do fine. The attacker might be successful and in that event the system is resilient enough to heal and recover continuously from threats like an immune system.
Roaches for example are almost impossible to exterminate because they mutate so fast, reproduce so fast, and adapt to threats so fast. This indicates that roaches are incredibly resilient to attack because diversity and fast mutation provides collective security for the roach species. I wrote something about this in an article called Attack Tolerant Information Systems, and the point is you're never going to be able to prevent attacks but you want to build systems which tolerate being attacked and develop an artificial immune system of a sort.
That kind of solution may go beyond what Dan is talking about with Steemit so far but I thought I would mention it anyway for people interested in the state of the art in security.
Convenience vs security can be bypassed if you have good disaster recovery. Group owned accounts using multisig is the best idea. We can secure our accounts through our social networks of friends. If we are using Facebook then in the event of a compromise we can confirm on Facebook that it is us. Or we can simply use a PGP signed message which I also made a section for for on Steemit. If you know how to put up a PGP public key then I suggest you put one up in your blog just for Steemit.