Remix.run Logo
The Trouble with Reused Phone Numbers in CIAM(ciamweekly.substack.com)
7 points by mooreds 9 hours ago | 3 comments
rationalist 7 hours ago | parent | next [-]

> Deactivation tracking is available in the USA because the FCC publishes a reassigned number database

TIL

https://www.fcc.gov/reassigned-numbers-database

bell-cot 9 hours ago | parent | prev [-]

> an account-takeover problem email doesn't have, for a couple of reasons.

> For email, the namespace is large.

> As far as I know personal email providers don’t reuse identifiers.

Email providers vary, their policies can change, and "don't reuse" may only mean "...for a year or few".

Or - if the email address is "@MyDomain.com", you have issues with expired domain name being picked up by less-than-saintly new owners.

mooreds 9 hours ago | parent [-]

That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.