Every serious account, by necessity, has a process for the customer who has lost the means of access. The principal may forget the password; the device that held the second factor may break or be lost; the principal may simply not have used the account for long enough that the credentials no longer come to mind. Without a recovery route, the account would be useless after a single mishap.
The recovery route is, by design, less strict than the ordinary route. It is reached by the customer who cannot use the normal credentials, and it tends to rely on identifiers that the customer is presumed to know but a third party would not: the original email address, the date of birth, the answer to a question chosen years before, the verification of a separate trusted account.
These identifiers, taken individually, were reasonable choices when they were set. Each is, in modern conditions, something that can be discovered with patience. The original email address has, in many cases, appeared in a leak; the date of birth is on a public record; the answer to the question is sometimes guessable from a published profile; the separate trusted account, where one is held, has its own recovery route that can be tested in parallel.
What follows is that the recovery flow is, in many cases, the weakest path into the account. The ordinary path is well-defended; the back path, designed for the absent-minded customer, is less so. The party who has assembled enough fragments of the principal's identity can sometimes reach the account through the back path more easily than the principal can reach it through the front.
The work in this category is undramatic. It begins with the careful audit of which accounts presently rely on which recovery routes, what those routes presently accept as proof, and what would happen in the event that each route were taken in turn. It continues with the deliberate updating of the routes that depend on identifiers that should no longer be considered private. The aim is that, for the accounts that matter, the back path is no easier than the front.
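The audit described above can be written down as a small reachability check over an inventory of accounts and their recovery routes. This is an added example, not part of the original text; the account names, route names, identifier labels and the `account:` prefix for "control of a separate trusted account" are all constructed for illustration.

```python
from dataclasses import dataclass

PREFIX = "account:"  # hypothetical convention: proof is control of another account

@dataclass(frozen=True)
class Route:
    name: str
    proofs: frozenset  # everything this recovery route accepts as proof, all required

# Constructed inventory: which accounts rely on which recovery routes.
INVENTORY = {
    "bank": [Route("email-reset", frozenset({"account:mail"})),
             Route("branch-visit", frozenset({"photo-id-in-person"}))],
    "mail": [Route("security-question",
                   frozenset({"original-email", "date-of-birth", "question-answer"})),
             Route("backup-codes", frozenset({"printed-backup-code"}))],
    "photos": [Route("hardware-key", frozenset({"spare-security-key"}))],
}
# Identifiers the auditor judges should no longer be considered private (sample values).
DISCOVERABLE = {"original-email", "date-of-birth", "question-answer"}

def audit(inventory, discoverable):
    """Map each account whose back path needs only discoverable identifiers to the
    chain of routes that reaches it, following trusted-account dependencies."""
    exposed = {}
    changed = True
    while changed:  # repeat to a fixed point so chains of any length are found
        changed = False
        for account, routes in inventory.items():
            if account in exposed:
                continue
            for route in routes:
                chain = []
                for proof in route.proofs:
                    if proof in discoverable:
                        continue
                    if proof.startswith(PREFIX) and proof[len(PREFIX):] in exposed:
                        chain += exposed[proof[len(PREFIX):]]
                        continue
                    break  # this proof is still private, so the route holds
                else:
                    exposed[account] = chain + [f"{account}/{route.name}"]
                    changed = True
                    break
    return exposed

if __name__ == "__main__":
    for account, chain in audit(INVENTORY, DISCOVERABLE).items():
        print(f"{account}: back path open via {' -> '.join(chain)}")
```

Accounts absent from the result have no recovery route that can be completed from discoverable identifiers alone; re-running the audit after a route is updated shows whether the chain through it has closed.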