Two years ago, I changed my phone number, and that led to complications with my social media accounts, ride-hailing apps, Amazon, my bank, and even the state of Pennsylvania. Recently, I finally resolved the issues caused by this technology mishap.
Seated at my desk, holding a new smartphone, I slowly moved my head up and down in front of the camera, then tilted from one ear to the other without losing eye contact with the lens. This short video was meant to confirm to Instagram that I was indeed myself, not an imposter.
An automated email from Instagram acknowledged the selfie video, stating that it was under review. However, not only had I forgotten my Instagram password, but I also no longer had access to my old phone number due to switching to a new mobile provider and a family plan. To regain access to my account, I had to upload a video of my face to pass Instagram’s two-factor authentication security check.
As I waited for Instagram’s response, I imagined a security team member scrutinizing my selfie video along with the photos posted on my account over the years. Shortly after, I received an email indicating that my identity could not be confirmed based on the video submitted, prompting me to try again.
Realizing the hassle of changing phone numbers, I did not anticipate the complexities that ensued. From Lyft and Cash App to Instagram and Amazon, navigating the verification processes to regain access to my digital accounts became a burdensome task. Confirming my identity felt like a part-time job, with limited human support available to assist.
Although text-message-based two-factor authentication dates back to the ’90s, its widespread adoption began in the early 2010s as a response to increasing data breaches and cyber threats. Multifactor authentication was promoted as a more secure alternative to traditional passwords, especially as hackable passwords remained prevalent in 2024.
Multifactor authentication presents a significant security enhancement by requiring additional steps to verify one’s identity. With remote work on the rise, the adoption of multifactor authentication has increased, with 64% of Okta users utilizing some form of MFA according to a 2023 report, up from 35% before the pandemic.
Despite the security benefits of multifactor authentication, the system faced challenges along the way.
Text-based authentication, such as SMS-based two-factor authentication, uses phone calls or texts to verify a person’s identity. This method, considered less secure compared to authenticator apps, is widely used despite its vulnerabilities. According to Cristian Rodriguez, the field chief technical officer for the Americas at cybersecurity firm CrowdStrike, many less mature organizations rely on SMS-based codes for authentication. Companies like Apple, Google, Zoom, Slack, Dropbox, PayPal, major US banks, and universities still use this method, making it a common target for cyber attacks.
Rodriguez highlighted the ease with which SMS-based authentication can be intercepted, citing SIM swapping as a prevalent attack vector. In a SIM-swapping attack, hackers can take control of a person’s phone number, potentially gaining access to sensitive accounts like bank, social media, and digital wallet credentials. This vulnerability was exemplified by a recent high-profile hack involving the Chinese government infiltrating US phones through telecommunication networks, prompting federal advisories to discontinue the use of SMS-based authentication.
Unlike permanent identifiers like fingerprints or faces, phone numbers are temporary and can be reassigned when users switch providers or locations. Companies are gradually recognizing the security risks associated with SMS-based authentication, with some, like X, deciding to discontinue it for nonverified users due to its weaknesses. Tech giants such as Google and Microsoft are also moving away from SMS authentication in response to major breaches. However, transitioning away from SMS authentication can present challenges for users, as demonstrated by experiences like regaining account access through customer service interactions or automated processes.
Navigating through a maze of links, I encountered a formidable challenge in accessing my accounts with services like Audible, Alexa, and Whole Foods. Eventually, I was prompted to upload a photo of my passport for identity verification. Despite reattempting after a week of silence, it took months before I regained entry to Amazon. Unfortunately, both Instagram and Amazon remained unresponsive to my inquiries.
In today’s world, the rarity of human interaction in customer service is increasingly apparent due to AI implementations and chatbot prevalence. A lingering issue remains with verifying my LinkedIn profile, as the identity-verification platform Clear persists in sending verification codes to my outdated phone number, with no avenue for resolution.
Being locked out of online platforms is frustrating, yet my struggles escalated when applying for unemployment benefits post-journalism job loss. Pennsylvania’s government utilizes the ID.me service for website login and identity confirmation, a process that ties digital identity to phone numbers. Encountering an existing ID.me account linked to my old number, I faced a tedious journey involving customer service interactions, numerous document submissions, and ultimately, manual application filing over the phone.
The once-promising technology now complicates rather than simplifies tasks. Automated checkouts in grocery stores have replaced human cashiers, further enhancing the complexity of everyday processes.
The experience of shopping was seamless, devoid of any interruptions caused by a malfunctioning machine erroneously assuming an item had not been scanned, thus necessitating human intervention. Despite the proliferation of innovative “smart” technology in contemporary vehicles, there remains a palpable concern that a mere software malfunction could potentially render access to these vehicles inaccessible. In the year 2025, the advent of artificial intelligence has reached a stage where it is purportedly capable of engaging in romantic relationships. With such advancements in technology, one would reasonably expect simple tasks such as unlocking a laptop using a thumbprint or facial recognition to access online shopping accounts to be effortlessly executed. However, the challenge persists in convincing these advanced machines of our identity authenticity.
The frustrations associated with technological authentication are not merely anecdotal. An individual named Keith, the previous owner of my current phone number, serves as a tangible example. Despite my lack of familiarity with Keith, it has become evident that he, too, is facing obstacles in regaining access to his websites and applications. This situation is exacerbated by the receipt of unsolicited six-digit verification codes via text message, further complicating the authentication process. While I have managed to regain access to most of my accounts after considerable effort, it appears that Keith continues to encounter difficulties in this regard.
To Keith, should he come across this message: a reminder that your prescription awaits collection at Rite Aid.
John Paul Titlow, a seasoned freelance journalist specializing in technology, digital culture, travel, and mental health, initially reported on this issue for Business Insider.
