In today's electronic world, people are expected to remember dozens of passwords in order to access various electronic media (web sites, devices, servers, applications, etc.). The tendency of people to forget these passwords, especially those that are used less often, has led to the notion of password recovery.
Password recovery is used most often for websites (e.g., credit card or bank account logins, social networking sites, etc.), but is applicable to any user account with a password. The standard information used for password recovery is data provided up-front by the user. Common examples include the user's mother's maiden name, city of birth, first pet, first job, favorite sports team, etc. Generally, one or more questions based on this data are asked of the user, and the user is given a new password upon correctly answering the questions.
However, the information collected for password recovery is often the same from website to website. Therefore, if an unauthorized person gains access to a user's account on one website, that person can often access the user's account on other sites. Furthermore, much of the information used for password recovery is not all that secret, especially in the age of social networking. It is not unlikely that information about a user's pets, jobs, sports teams, etc. would be available on a Facebook® page.