When recovery questions were first adopted as an additional verification step, the questions were chosen for being personal: the mother's maiden name, the first school attended, the first pet, the place of birth, the favourite teacher, the colour of the first car. The reasoning was honest. Each answer was something the principal would remember and an outsider would not know.
The reasoning was based on a different information environment from the present one. Each of the answers, in the time since, has become discoverable. The mother's maiden name is recoverable from public marriage records. The first school is on the principal's professional profile. The place of birth is in the registers and frequently on social profiles. The colour of the first car, the favourite teacher, and the first pet are, in many cases, mentioned in social posts the principal made long before they thought of those facts as authentication.
What used to be private is now public, and the recovery questions that depend on it have been quietly devalued. They continue to be presented to the principal as a meaningful check; they continue to be accepted by procedures as evidence of identity. The check, however, is no longer doing what it was designed to do.
The principal who has answered these questions across many providers, over years, has, in effect, set up a network of accounts whose back path is protected by information that an attentive outsider can assemble. The accounts continue to feel well-defended. They are not, in the way the principal believed.
The work in this category is to replace the recovery routes that depend on these questions with routes that depend on something more reliable. A physical token. A confirmation by callback on a registered line. A trusted contact who is asked to confirm. None of this is heroic; each is administrative. The principal can usually update the recovery routes on their important accounts in an afternoon, with the result that the back path is no longer protected by information that has long ceased to be private.