Account Recovery Option Obfuscation (Decoy Interface)
As a Proton user with hardened recovery settings,
I want the "Forgot Password" flow to always display all possible recovery methods (Email, SMS, Phrase) regardless of which ones I actually have active,
So that a malicious actor trying to brute-force my account cannot deduce my exact security configuration based on what the UI shows.
Acceptance Criteria (AC)
AC 1: Standardized Interface Response
When a user clicks "Forgot Password" and enters their username, the following screen must display the generic tabs/buttons for Email, SMS, and Recovery Phrase.
AC 2: Blind Failure for Fake Options
If an attacker selects "Email Recovery" or "SMS Recovery" but the user has deactivated those options, the UI should still show a generic "A code has been sent if this method is configured" screen. No error message should ever reveal to the attacker that the method does not exist for that specific username.
AC 3: Legitimate Passphrase Routing
Only selecting the "Recovery Phrase" option and typing the correct 12-word seed will actually trigger the time-lock process defined in my other feature recommendation "Configurable Time-Lock & Notification for Recovery Phrase Resets"
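One way to express AC 1 to AC 3 as server logic, written as an added example for this request (not Proton's code). The account store, the `leaky_recovery`/`hardened_recovery` handler names and the sample usernames and phrase are all constructed for illustration. The leaky handler shows the behaviour the story wants removed; the hardened one offers every method to every username, returns the same public reply whether or not the method is configured (and whether or not the username exists), and only logs the real outcome server-side. The recovery-phrase path always performs one constant-time hash comparison, against a dummy value when no phrase is configured, so an unconfigured phrase does not short-circuit and leak through timing.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# AC 1: the menu offered to every username, regardless of configuration.
RECOVERY_METHODS = ("email", "sms", "phrase")
# AC 2: the only reply a requester ever sees for email/SMS/phrase attempts.
GENERIC_REPLY = "A code has been sent if this method is configured."


def phrase_hash(words: str) -> bytes:
    """Hash a normalised recovery phrase (lowercase, single spaces)."""
    normalised = " ".join(words.lower().split())
    return hashlib.sha256(normalised.encode()).digest()


# Constructed sample store (hypothetical): alice has only a phrase,
# bob has email and SMS but no phrase. Unknown usernames are not present.
ACCOUNTS = {
    "alice": {"email": None, "sms": None,
              "phrase": phrase_hash("apple bread candle door eagle fence "
                                    "glove house igloo jacket kettle lamp")},
    "bob": {"email": "bob@example.com", "sms": "+15550100", "phrase": None},
}
EMPTY_ACCOUNT = {"email": None, "sms": None, "phrase": None}
# Random dummy digest so accounts without a phrase still pay for one compare.
DUMMY_HASH = secrets.token_bytes(32)


@dataclass(frozen=True)
class Result:
    offered: tuple   # what the UI renders as tabs/buttons
    reply: str       # what the requester sees
    internal: str    # server-side log entry only, never returned to the client


def leaky_recovery(username: str, method: str) -> Result:
    """The behaviour the story wants removed: menu and errors depend on the account."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return Result((), "Unknown username", "username_enumerated")
    offered = tuple(m for m in RECOVERY_METHODS if acct[m] is not None)
    if method not in offered:
        return Result(offered, f"{method} recovery is not enabled for this account",
                      "config_leaked")
    return Result(offered, GENERIC_REPLY, f"{method}_sent")


def hardened_recovery(username: str, method: str, phrase: str = "") -> Result:
    """AC 1 + AC 2: same menu and same reply for every username and method."""
    if method not in RECOVERY_METHODS:
        raise ValueError("unknown recovery method")  # client bug, not account-dependent
    acct = ACCOUNTS.get(username, EMPTY_ACCOUNT)
    if method == "phrase":
        # AC 3: only a correct phrase triggers the time-lock. Compare first, in
        # constant time, so the unconfigured case costs the same as a real check.
        stored = acct["phrase"] or DUMMY_HASH
        matched = hmac.compare_digest(stored, phrase_hash(phrase))
        ok = matched and acct["phrase"] is not None
        internal = "time_lock_started" if ok else "phrase_rejected"
    else:
        # The code is only actually delivered when the channel exists.
        internal = f"{method}_sent" if acct[method] else f"{method}_not_configured"
    return Result(RECOVERY_METHODS, GENERIC_REPLY, internal)


def responses_are_uniform(handler, usernames, method: str) -> bool:
    """True when the public (offered, reply) pair is identical across all usernames."""
    public = {(r.offered, r.reply) for r in (handler(u, method) for u in usernames)}
    return len(public) == 1


if __name__ == "__main__":
    users = ["alice", "bob", "nobody"]
    for m in RECOVERY_METHODS:
        print(m, "leaky uniform:", responses_are_uniform(leaky_recovery, users, m),
              "hardened uniform:", responses_are_uniform(hardened_recovery, users, m))
```

The uniform reply is only one half of the decoy; the same handler must also take comparable wall-clock time and be rate-limited identically across methods, otherwise an attacker measures the difference instead of reading it. Whether a code was really delivered is visible only on the configured channel, which the attacker does not control.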