Pattern 04
Recovery as passkey trigger
Immediately after a successful recovery, offer passkey enrollment as the way to prevent this from happening again — framed around the pain they just experienced.
Problem
Users who just went through account recovery are the most likely to face the same lockout again, yet they're rarely offered a stronger method afterward.
Recommendation
Immediately after a successful recovery, offer passkey enrollment as the way to prevent this from happening again — framed around the pain they just experienced.
UX impact
Converts a stressful moment into a concrete, well-timed improvement, rather than ending the flow at 'you're back in.'
Security impact
Directly reduces repeat recovery attempts, which are a common target for social engineering and support-desk fraud.
Implementation notes
Trigger the prompt from the recovery-completion event specifically, with copy referencing the recovery method just used (e.g. 'Never lose access via email again').