[nested reply]

There is a disabled Steem command which can be used to challenge that someone using a posting authority on an account has access to the account's active key, more thoroughly indicating ownership. Here's the cli_wallet documentation on it:

Challenge a user's authority. The challenger pays a fee to the challenged
which is depositted as Steem Power. Until the challenged proves their
active key, all posting rights are revoked.

Parameters:
    challenger: The account issuing the challenge (type: string)
    challenged: The account being challenged (type: string)
    broadcast: true if you wish to broadcast the transaction (type: bool)

It was disabled in the version 0.14 hardfork and hasn't been reenabled.

Challenge Authority

Fixed a bug where an account's active authority could not be challenged. Subsequently, because there is no way of addressing the challenge through steemit.com, we have disabled the operation entirely for the moment as it could be an attack vector against users that do not know how to use the cli wallet. The operation will be enabled at a later time when steemit.com can more elegantly handle challenge scenarios.

https://github.com/steemit/steem/releases/tag/v0.14.1

But if someone's posting auth is compromised (as the.masses' intentionally was, so that it could be used as an anonymous outlet), and the account begins to spam, downvotes can be used to reduce the account's reputation. Although the higher-rep-than-downvoter immunity function of reputation might make it difficult if a very high rep account had its posting key compromised. If the owner of the account is paying attention they can change the password of their account using Steemit and the posting key will change with it.