Identity Recovery Is a Ceremony of Power

Whoever can restore an identity can often reset credentials, recover records and regain transaction authority. Treat that moment accordingly.

The answer

Account recovery is often delegated to the least ceremonial part of the institution: a help desk, an inbox, a support chat. Yet the act itself can restore access to correspondence, assets, approvals, legal instructions and the ability to impersonate the recovered person.

Account recovery is often delegated to the least ceremonial part of the institution: a help desk, an inbox, a support chat. Yet the act itself can restore access to correspondence, assets, approvals, legal instructions and the ability to impersonate the recovered person.

That is not customer service. It is a ceremony of power.

Ceremony creates deliberate friction

A ceremony has named participants, required evidence, a sequence, a record and a visible change of state. Those features are useful because recovery occurs precisely when normal evidence is missing or suspect.

Modern organisations try to make recovery feel seamless. Seamlessness is appropriate for low-consequence services. It is reckless where recovery reconstitutes institutional authority.

What the ceremony should establish

- The claimant is the person or office entitled to recover.

- The reason for recovery is understood and independently observable.

- The evidence did not originate solely from the compromised channel.

- The people approving recovery are currently authorised.

- The restored identity begins with limited powers and heightened observation.

A recovery ceremony can take ten minutes. Duration is not the point. The point is that no single persuasive conversation silently changes the institution’s control state.

Objection: this will slow real emergencies

Yes, poorly designed governance slows emergencies. Well-designed ceremony makes them faster because contacts, evidence and authority are already known. The true delay comes from improvising ownership while a principal is locked out and someone is demanding immediate access.

The position

Use ordinary self-service recovery for ordinary accounts. For identities that can move money, change ownership, issue legal instructions or recover other people, require a witnessed event with an event number, explicit evidence and a temporary restriction period.

If recovery can happen without the institution noticing that power has changed hands, the institution has no reliable boundary.

Sources

  1. NIST — Authentication and lifecycle managementNIST

    Primary authority

  2. NIST — Digital Identity GuidelinesNIST

    Primary authority

Ross BelhommePartner, Svperior / Legal

Jonathan P. De Collibus

Jonathan co-founded Svperior in 2014 and leads its cyber practice. His work sits where adversarial pressure, technical architecture, and consequential decisions meet, with experience across clinical, financial, public-sector, and private-client systems where confidentiality, continuity, and technical correctness carry material consequences.

Cyber strategy / Adversarial assessment / Security architecture / Private systems

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry
Identity Recovery Is a Ceremony of Power