Maddy Miller

Maddy Miller me4502

me4502

Background by @introspectivedsgnPhone numbers are not life-long identifiers

Phone numbers are not life-long identifiers

Posted on Mar 9, 2026 by Maddy Miller

In Technology with tags Retrospective, UX

1338 words, 5 minutes to read

Phones and phone numbers are pretty common these days. Most people have a mobile phone, and there’s a general expectation by most apps and services that a user will have a phone number available. It isn’t, however, safe to tie someone’s identity uniquely to that phone number. Phone numbers get reused, and people can have multiple phone numbers. Despite this, the tech industry treats phone numbers as if they are unique life-long identifiers.

Phone numbers are recycled

I’ve had my phone number for a fair while at this point, most calls I get are either directed to me, or due to someone making a mistake when entering the number. I am aware though, that I am not the first owner of my number. When I first got this number, I would pretty regularly get calls for a “Michael” (omitting all other information for their privacy, of course), who seemingly used the number for commercial purposes. I’ve also gotten a few calls for a “Samantha,” but much less frequently so I’m unsure if that’s just a common typo or if they were also a prior owner of my number.

This isn’t too much of an issue, calls to the wrong person happen here and there. I have however, had a fair few situations where I am locked out of creating accounts with services, or have my newly made account or purchase automatically linked to the prior owner of my phone number. When this happens, customer support agents are usually either unable or unwilling to help. They just don’t understand how I’ve got the contact details for their other customer and won’t discuss it with me as I’m not authorised for the account.

Logistics and privacy nightmare

I recently made a purchase from a company that my number’s prior owner “Michael” had coincidentally used in the past. From what I was told during a confused back and forth with the customer support agent, this number had been used for a purchase in 2003. So, for some completely nonsensical reason, they automatically connected the name and shipping address from back then to my order. 23 years later. Even if I was the person who purchased it that long ago, there’s no way I’d want my new delivery address ignored for one I used 23 years prior.

Despite having never placed an order with them myself in the past, having tax invoices and order confirmations with my details on them, as well as proof of payment, they could not talk to me further as it had been linked to that other account. They did, however, send me this previous customer’s full name and (likely outdated) delivery address in a shipping confirmation email. This is both a logistics and privacy nightmare for everyone involved.

As I’m not authorised to discuss my own order due to the misidentification, and they cannot redirect or cancel it, my only option is to charge back the purchase. If I ever decided to make another purchase with them (unlikely after this experience), I would need to get a new phone number.

More generally, this is not a problem specific to that purchase order. So many apps or online services that I use are fully authenticated by entering a phone number and confirming a code via SMS. If someone’s number is recycled, suddenly the new owner of the number has access to every detail about them stored in those accounts. This is not just a theoretical issue. It happens today and will happen substantially more in the future as number reuse becomes more and more common.

People can have multiple numbers

Aside from cases where a number is recycled, people can also have multiple numbers throughout their lifetime or even at the same time. People move countries; swap mobile carriers that won’t give up numbers; have separate business phones; etc. It could even be like my experience, where I wanted to swap carriers but the process to release a phone number was so slow, error-prone, and complicated that after years I opted to get a new number just to get away from them.

If a service treats phone numbers as a unique identifier for an individual, suddenly these people are stuck with multiple accounts. Services that do that rarely have ways to transfer an account to a new phone number as well, as it’s not really built into the underlying expectations of what will happen.

It’s also worth noting that people can and do lose access to phone numbers. This is much more common with business numbers that they might lose after changing jobs, but it will also happen whenever someone changes to a new phone number without keeping their old one. If authentication is tied to a phone number, losing that phone number suddenly means you can’t authenticate. In an absolute worst case, this could lock people out of parts of their digital life. And as more essential services move to digital systems, this could even limit someone’s ability to participate in society, something I’ve covered in more detail in the past.

If the aforementioned “Michael” wanted to access an account of his that was authenticated via the phone number that I now own, he’d be out of luck. It’s no longer his number, the account is effectively orphaned as the real owner cannot verify their identity, and the owner of the verification method (me) is not the rightful owner.

Tying account data to phone number rather than accounts

Sometimes, this data can even stay around between account deletions, where it’s tied directly to the phone number rather than the account. During high school a few people played a “joke” on me, where they signed me up to a common service with an ethnic slur in the name field. Obviously, this was not something I appreciated or condoned. Their motivation was just that I would get a few emails and texts that said something like “Hi, [slur].” I deleted the account and didn’t think much of it.

A year or so later I signed up for the same service again, and everything was seemingly okay. Until I realised that my referral code contained the slur they’d previously signed me up under. I contacted support, and it turned out referral codes were immutably tied to phone numbers. They couldn’t modify it, and making a new account would not solve it. The only solution was to make a new account with a new phone number, and then whoever the number was recycled to would be stuck with the same issue.

How can we solve this?

Overall, these problems all stem from companies using phone numbers as a basic analogue for identity, despite it being a poor fit. Phone numbers can be reused, they can be transferred, they can change, and people can have multiple at once.

The problem isn’t that companies are using phone numbers, it’s that they are treating these numbers like something they aren’t. Phone numbers are a method of contact, similar to email or mailing addresses, they aren’t permanent unique identifiers. Services aren’t tied to a home address (outside of niche cases such as utility companies that service an address rather than person), so why do we tie them to phone numbers? It’s worth noting that this isn’t just a problem with phone numbers, many businesses make the same mistake when it comes to names too.

If companies don’t start handling this properly, it’ll continue to get worse and worse. Phone number reuse is becoming more and more common, and phone-based authentication seems to be increasing in popularity as well. This combination will almost certainly lead to more orphaned accounts, mistaken identities, and privacy breaches in the future. It might even give rise to a form of “number sniping,” where people monitor high-profile phone numbers to claim once they become available, to gain access to a target’s data and identity.

This will continue to be a privacy nightmare until we as a society stop accepting phone numbers as a core tenet of identity. They’re a method of contact and nothing more. The sooner our systems reflect that reality, the sooner they’ll be safer and more reliable for everyone.

About the Author
Maddy Miller

Hi, I'm Maddy, a Senior Software Engineer at Microsoft. I write articles and develop Minecraft mods including WorldEdit, WorldGuard, and CraftBook.

More about meMy opinions are my own and do not represent those of my employer.

Check out these related posts!

The dark side of account bans

Posted on May 7, 2025

In category Technology with tags Community, Retrospective, UX

1635 words | 6 minutes to read

I recently lost my Facebook account for two months, and was significantly cut off from certain aspects of society during that time. This is the dark side of account bans.

IPv4 exhaustion is now a UX problem

Posted on Apr 15, 2026

In category Technology with tags Explainer, UX, Web

1781 words | 7 minutes to read

Most discussions don’t touch on the places where CGNAT is an inescapable reality. For many users IPv4 scarcity still feels like a theoretical issue, and they design the internet accordingly.

Pride & Bug Reports

Posted on Jan 16, 2026

In category Programming with tags Community, Retrospective, UX

1308 words | 5 minutes to read

When people ask for help with an issue on social media, it’s common to see responses implying it is a common issue. This can dissuades people from reporting problems.