I had some sort of hard drive failure a few days ago. It was on the drive where Windows itself was installed. I spent a full day valiantly battling to save the sinking ship that was my Windows installation. I saw so many blue screens and blurry fonts I began to wonder whether I should get new glasses. Some important lessons were learned, not least that the Windows “System Restore” function is a waste of time and effort. For years I have been diligently doing system backups, always make space for the new backups because apparently Windows doesn’t know how to do rolling backups, but after doing a restore all I got back was some broken Desktop shortcuts, nice work Microsoft. Thankfully, the purchase of a new SSD and a day or two of pfaffing and my computer is working again.
But what became apparent, as I tried to get access to all the websites I rely on, is how many accounts and logins I have tied to my email address and mobile phone number. These two pieces of information seem to have become my defacto web identity. In fact for some sites, notably reddit, I have lost a 12 year old account because I had changed my email address some time back and didn’t tell reddit about it.
This is the frightening reality of the modern world, we don’t have identity cards or a government issued number, but we do have a single identity that we rely on absolutely. My email address is used for my electricity provider and internet provider. I have a Facebook account, a Twitter account and WordPress account, all tied to the same email address. Many of these accounts also use my mobile number as part of their two step authentication process where I’ll receive text messages with confirmation codes. My Steam account, while not dependent on my email address, makes use of a mobile authenticator app that generates codes that allow me to access my account.
So here’s the punchline, imagine if that email address was taken away from you, imagine if you couldn’t move your mobile number over to a new provider when you buy a new phone. Do you know what accounts are dependent on these two critical pieces of information? We’ve reached the point where your email address is now more important than your credit card number, it certainly has more value and a bigger potential to ruin your life. If I lose my credit card or think the number is being used without my permission I make a single call to my credit card provider and cancel the card. If my email has been hacked and someone changed my password what do I do?