The Trouble with Reused Phone Numbers in CIAM
7 points
4 hours ago
| 2 comments
| ciamweekly.substack.com
| HN
rationalist
3 hours ago
[-]
> Deactivation tracking is available in the USA because the FCC publishes a reassigned number database

TIL

https://www.fcc.gov/reassigned-numbers-database

reply
bell-cot
4 hours ago
[-]
> an account-takeover problem email doesn't have, for a couple of reasons.

> For email, the namespace is large.

> As far as I know personal email providers don’t reuse identifiers.

Email providers vary, their policies can change, and "don't reuse" may only mean "...for a year or few".

Or - if the email address is "@MyDomain.com", you have issues with expired domain name being picked up by less-than-saintly new owners.

reply
mooreds
4 hours ago
[-]
That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.
reply