Comment by thebean11

> This doesn't seem very workable in a practical sense. It seems like this could be spoofed fairly easily or the business service gets hacked

You could give keys to two businesses / people and require them both to agree before they can "unlock" the account. You could also add a timelock, so you have time to respond if they get hacked or collude against you.

These aren't really new ideas and exist in existing, non-crypto social recovery schemes.