SUMMARY: The modern identity stack is not held together by passwords. It is held together by recovery paths. Whoever controls recovery controls the border.
Most operators think of access as a login event: username, password, device, token. That is the visible ritual. The deeper structure is recovery: the email address that resets the account, the phone number that receives the code, the registrar that controls the domain, the platform that decides whether a support ticket is credible.
The Recovery Chain
A credential is only as sovereign as the weakest recovery dependency behind it. A hardware key helps, but not if the domain can be transferred through a compromised inbox. A password manager helps, but not if every vault recovery path points to one phone number. A private email account helps, but not if billing failure quietly suspends the domain behind it.
The useful exercise is simple: pick one critical account and draw the recovery chain backward until it reaches a human, a device, a jurisdiction, or a payment rail. That endpoint is not background infrastructure. It is the real border post.
Minimum Viable Custody
Maintain at least two independent recovery routes for critical systems. Keep domain, email, vault, and device recovery from collapsing into one provider. Store offline instructions for emergency restoration. Review billing and registrar lock status quarterly. Treat phone numbers as temporary convenience, not identity foundations.
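The backward walk from The Recovery Chain and the two-route rule above can be run over a written inventory. This is an added example, not part of the original brief. The asset names, the inventory, and the choice to model "can reset" and "can suspend" as a single edge type are all assumptions made for illustration.

```python
"""Walk a recovery chain backward and flag where routes collapse (added example)."""

# Constructed inventory: asset -> the things that can reset or suspend it.
# Assets with no entry are endpoints: a human, device, jurisdiction or payment rail.
RECOVERS_VIA = {
    "password_vault": ["primary_email", "phone_number"],
    "primary_email": ["custom_domain", "phone_number"],
    "custom_domain": ["registrar_account"],
    "registrar_account": ["primary_email", "card_on_file"],
    "phone_number": ["carrier_support_desk"],
}


def closure(asset, graph, seen=None):
    """Every asset reachable backward from `asset`, itself included (cycle-safe)."""
    seen = set() if seen is None else seen
    if asset not in seen:
        seen.add(asset)
        for dep in graph.get(asset, []):
            closure(dep, graph, seen)
    return seen


def endpoints(asset, graph):
    """Terminal nodes of the chain: where the walk stops."""
    return sorted(n for n in closure(asset, graph) if not graph.get(n))


def collapsed_routes(asset, graph):
    """Dependencies shared by every direct recovery route of `asset`."""
    # Seed `seen` with the asset so a route is not followed back through itself.
    routes = [closure(r, graph, {asset}) - {asset} for r in graph.get(asset, [])]
    return sorted(set.intersection(*routes)) if routes else []


def audit(asset, graph):
    """Summarise one critical account: endpoints, routes, shared dependencies."""
    routes = graph.get(asset, [])
    shared = collapsed_routes(asset, graph)
    return {
        "endpoints": endpoints(asset, graph),
        "route_count": len(routes),
        "shared_dependencies": shared,
        "independent": len(routes) >= 2 and not shared,
    }


if __name__ == "__main__":
    for name in ("password_vault", "primary_email"):
        print(name, audit(name, RECOVERS_VIA))
```

In this constructed inventory the vault lists two routes, but both pass through the phone number and the carrier behind it, so they count as one.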
The earlier Offline Ledger brief covered memory after cloud failure. Credential sovereignty is the access layer above that ledger.
Field assessment: convenience is not the enemy. Unlisted dependency is.