[drdeca]

Well, the third key is only useful if one has one of the other two.

Though there is the possibility that an adversary could get access to the third key and the key that they store for being tied to the biometrics?

But I think that that is probably sometimes a lower risk than the risk of "oops, I lost/forgot my bitcoin key" if one is using single signature? (depending on the person, and their adversaries)

[Mtinie]

I'd prefer the option to generate that third key locally and skip storing it on their servers.

[lawry]

Agreed, this is what some of the new startups that make something "secure" soo often overlook. They make put UX (if you can call it that), over real security. It's still possible to deliver a great user experience and backup solutions without compromising security, it's just not easy.

Companies that do succeed at this however should all receive an award for it, or at least be listed somewhere, because it's a really hard problem to solve at times.

I think in certain aspects Apple got this sort of stuff right with the iPhone, but I'm not sure about that, at least I hope iOS is as restrictive as it is for a reason.