The Trouble with Reused Phone Numbers in CIAM
4 hours ago
- #CIAM
- #phone numbers
- #account security
- Phone numbers reused as identifiers in CIAM can lead to accidental account takeover, unlike email, which typically isn't reused.
- Options for handling reused numbers: assume the new owner is the same as the old (risky), detect deactivation to archive old accounts, or use verification questions to differentiate users.
- The best approach depends on available data (like FCC databases) and service needs, with flexible custom workflows recommended.
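
A sketch of how the second and third options can combine at login time. This is an added example, not code from the original article. The names (`Account`, `Decision`, `decide`), the in-memory deactivation feed and the 365-day staleness threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Dict


class Decision(Enum):
    ALLOW = "allow"        # same owner is a reasonable assumption
    ARCHIVE = "archive"    # number changed hands: archive old account, enroll anew
    STEP_UP = "step_up"    # no data either way: ask a verification question


@dataclass
class Account:
    phone: str
    last_verified: date    # last time the owner proved control of the number


# Constructed sample data (hypothetical feed): phone -> carrier disconnect date.
DEACTIVATIONS: Dict[str, date] = {"+12025550143": date(2024, 3, 1)}


def decide(account: Account, today: date,
           deactivations: Dict[str, date], max_age_days: int = 365) -> Decision:
    disconnected = deactivations.get(account.phone)
    # A disconnect AFTER the last verification means whoever holds the number
    # now may not be the person who created this account.
    if disconnected is not None and disconnected > account.last_verified:
        return Decision.ARCHIVE
    # No relevant disconnect and a recent verification: low risk of reuse.
    if (today - account.last_verified).days <= max_age_days:
        return Decision.ALLOW
    # Stale verification and no deactivation evidence: do not assume the same
    # owner; differentiate the users with a verification question instead.
    return Decision.STEP_UP


if __name__ == "__main__":
    today = date(2024, 9, 1)
    for acct in (Account("+12025550143", date(2023, 1, 10)),
                 Account("+12025550143", date(2024, 6, 1)),
                 Account("+12025550199", date(2022, 1, 1))):
        print(acct.phone, acct.last_verified, decide(acct, today, DEACTIVATIONS).value)
```
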