Can there be an alternative in place, where an address will be provided to the user and and an arbitrary small amount, say 0.00012345 BTC will be required to send to that address from one of the user's previously posted addresses for account recovery ?
How would sending money somewhere prove that you are the rightfull owner of that account?
If you send "from" an address, you prove that you have the privkey. It's more or less the same as signing a message.
Not necessarily. There are lots of ways to get people to send BTC to an address, owning the sending address is only one of several possible scenarios that could have that result. Bitcoins being sent from an address doesn't prove you own it.
The scenario I'm talking about has the following parameters...
i. From address (which user has posted before in the forum)
ii. To address (which Theymos or any other Global Mods may provide)
iii. The amount (which Theymos or any other Global Mods will provide)
How come all these be satisfied by someone who does not own the address ?
p.s. Even if the attacker changes all pre-posted addresses, we can verify user's actual posted address from either Bitcointa.lk or Google cache or archive.org/web/
Yep. Likely for the average account? Nah. Possible? Most certainly, especially since the amount involved is trivial. There are many accounts that would be worth it, especially since the only investment would be time. There are groups of scammers operating here who make a living scamming various finance related forums.
There should be alternatives to account security, and there will be, but this isn't it.
