As in, your account has 5 types of keys on Hive, 4 normal keys (Owner, Active, Post and Memo) plus one "master password" that generates all the other 4 keys, which you can call it like a "seed password or passphrase" (if you want it to compare it to other chains).

You can see all these keys on you Hive keychain for example, except the "Seed Password" and the owner key. Those two one should store offline (preferable) or in a place secure enough that once needed, you are sure to always exist and be there. They are not going to be required (for most users) ever... but they are the basic security of anyone's account.

Then, on top of this, there is the "recovery account". This is another hive account, that can have the power to help you recover your account. And by "can have" I mean, you the authentic owner, must have a good relationship with that person, and understand how it works.

Because it works this way... if someone hacks your Account, and your keys don't work anymore, your previous "owner key" can still help you recovery via this recovery process (if your account was active on the last 30 days).

The way it works is that once you detect you have been hacked, you contact your recovery account (within 30 days) and ask to initiate the recovery process.

Once your recovery account broadcasts the initial request, you will have 24 hours to broadcast a transaction with your old owner key and the new one... designated to replace the old one you had, at the time changed by the hacking account.

And its at this point that the relationship works. Because your recovery account, should not just imitate that request at any time, but only when requested by you.

Hence why its important to know exactly that person. Or have an alternative account (like I do) where the keys are stored off-chain.

Hopefully this helps, if we need to iterate, we can.