Initiate the account recovery flow via email or phone number: generate a recovery token and send a verification code to the trusted contact. The recovery code can also be sent to a backup email or phone. References: NIST SP 800-63B §5.1.1.2, OWASP ASVS V2.3.
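
An added sketch of this flow (not the service's own code), carried one step past initiation to show how the delivered code is bound to the recovery token. The function names, in-memory stores, 6-digit code, 10-minute lifetime, attempt cap and uniform response are assumptions; the sample account is constructed.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600     # seconds; assumed, the description gives no lifetime
MAX_ATTEMPTS = 5   # assumed cap on guesses per recovery token

# Constructed sample account; every value here is illustrative.
ACCOUNTS = [{
    "id": "u1", "email": "alice@example.com", "phone": "+15550100",
    "backup_email": "alice@backup.example", "backup_phone": None,
}]
PENDING = {}  # sha256(token) -> record; raw token and code are never stored
OUTBOX = []   # stands in for the e-mail/SMS gateway: (contact, code)


def _h(value):
    return hashlib.sha256(value.encode()).hexdigest()


def initiate_recovery(identifier, channel="email", use_backup=False, now=None):
    """Start recovery for an e-mail address or phone number."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    account = next((a for a in ACCOUNTS
                    if identifier in (a["email"], a["phone"])), None)
    contact = account and account.get(("backup_" if use_backup else "") + channel)
    if contact:
        code = f"{secrets.randbelow(10**6):06d}"
        PENDING[_h(token)] = {"account": account["id"], "tries": 0,
                              "code": _h(token + code), "expires": now + CODE_TTL}
        OUTBOX.append((contact, code))
    # Same response shape whether or not the account or contact exists.
    return {"recovery_token": token, "expires_in": CODE_TTL}


def verify_code(token, code, now=None):
    """Return the account id for a correct, unexpired code, else None."""
    now = time.time() if now is None else now
    rec = PENDING.get(_h(token))
    if rec is None or now > rec["expires"] or rec["tries"] >= MAX_ATTEMPTS:
        PENDING.pop(_h(token), None)
        return None
    rec["tries"] += 1
    if not hmac.compare_digest(rec["code"], _h(token + code)):
        return None
    del PENDING[_h(token)]  # single use
    return rec["account"]
```

The code is only valid together with the token returned to the client that started the flow, so a code intercepted on the email or SMS channel cannot be redeemed on its own.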