How can you prevent the attacker from publishing a new fallback key and locking you out completely?