Hacker News

The Trouble with Reused Phone Numbers in CIAM

7 points by mooreds ago | 3 comments

rationalist |next [-]

> Deactivation tracking is available in the USA because the FCC publishes a reassigned number database

TIL

https://www.fcc.gov/reassigned-numbers-database

bell-cot |previous [-]

> an account-takeover problem email doesn't have, for a couple of reasons.

> For email, the namespace is large.

> As far as I know personal email providers don’t reuse identifiers.

Email providers vary, their policies can change, and "don't reuse" may only mean "...for a year or few".

Or - if the email address is "@MyDomain.com", you have issues with expired domain name being picked up by less-than-saintly new owners.

mooreds |root |parent [-]

That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.