Among the accounts a person uses, one or two are quietly more important than the rest. They are the accounts to which the recovery routes of the other accounts lead. They are the accounts that hold the address book, the password manager, the backup, the photographs, the records. They are, in effect, the master keys to the rest.

The accounts that perform this role are not always the ones the principal would name as most important. The primary email account is a common example; the cloud storage account is another; the primary mobile account, in some configurations, also belongs to the list. Each was once a service account among others. Each, by accident or by accumulation, has become the place from which the rest can be reached.

The risk implied by this is not, in itself, a reason for alarm. The principal who has not been thinking about it is, in most cases, fine. The risk is in the asymmetry: a great deal depends on a small number of accounts, and the protections on those few accounts are sometimes no stronger than the protections on the others. The single account that opens many is defended at the level of an account that opens one.

The work in this category begins with identifying which accounts perform this role for the particular principal. Each life is different; the inventory is small but not always obvious. The accounts may be hosted by major providers or by small ones; they may be in personal names or in family names; they may be active or quiet.

The work continues with the deliberate strengthening of the small number identified. Stronger authentication; trusted devices configured explicitly; recovery routes audited; alerts enabled; redundancy built in for the situation in which a device is lost. None of this is dramatic. Each piece is a small administrative step. The cumulative effect is that the keys are held more carefully than they had been by accident.