Wouldn't using a registered email address be the optimal way to go for Steemit account recoveries?
In addition Steemit should implement some sort of confirmation email that has to be acknowledged if a user wants to transfer SD or SP out of the account. This would ensure that not only does the hacker need to compromise a users Steemit ID/Password combination but they also need to compromise a users 2FA protected email account. This would prevent 99% of all thefts. Not hard to implement and very secure, it is considered an industry best practice.
@smooth to the best of your knowledge is anything like that being planned? With Steemits explosion in the last 2 weeks there are some significant funds to protect.
Curious why this is not the direction Steemit went since its an industry standard and works very well.