The account can only be recovered if someone knows one of the old passwords.
This means even though I can start the recovery process for an account made via AnonSteem, I can't actually change the key without having at least one of their old passwords.
Account recovery is something that cannot really be done without some form of trust system, otherwise let's say the hacker figures out your "secret information" you use for recovery? Well you're definitely screwed now.
It's possible for you to change your trustee, but you have to wait 31 days since the last password change to do that. You could for example, create an AnonSteem account, then 31 days later change the trustee to @steemit - which would make them responsible for recovering your account in an emergency. Similarly you could even set it to a friend.
Yeah. That's was the obvious part I was missing.
Also thanks for clarifying the trustee can be change. Such a well thought out feature that is this recovery account thing.
Thanks for your answer. What I don't understand is that samstonehill said steemit needs his email to recover the account, why ? They should only ask for old password not the email. no?