Totally agree, and this isn't the first time they rolled out a new feature/change by basically locking everyone out. There is an option to display/download your keys, it pops up when you try to log in with the wrong key. Which leads to another problem and security risk:

The .pdf file includes your Master Password.
There is no 2FA.

So, just about anyone logging into your Steemit with a cached or auto-filled password can dl your master key without going through the usual second check.

Huge fail.