Most identities, at any given moment, rest on a small number of service providers. The mobile carrier holds the phone number. The email provider holds the address. The bank holds the account. The few directory services that the principal has registered with hold the verifications. The wider system of accounts that depend on these foundations rests, in effect, on the conduct of those few providers.

The principal experiences these arrangements as their own. They consider the phone number theirs, the email address theirs, the account theirs. The legal position is sometimes the same and sometimes more nuanced. In each case the provider retains control of the underlying identifier. The principal has the use of it, on the terms the provider has set, for as long as the provider is willing.

The conditions in which this matters are narrow. A change initiated by the provider, on what they believe to be a request from the principal, transfers the identifier to a different device, account, or address. The identifier itself does not change. What changes is the party in control of it. The wider system of accounts that depended on the identifier continues to behave as if nothing has happened.

What follows from this is direct. An account that uses the phone number for verification now uses the new device. An account that uses the email address for recovery is now recoverable to the new address. An account that uses the original line as the trusted route is now routed differently. The principal, in the meantime, is in possession of an identifier that no longer reaches them.

The mechanisms by which providers are persuaded to make such changes vary. Some are administrative, executed by an employee following an apparently routine procedure. Some involve documents that appear to support the request. Some rest on small social pressures that the procedure does not contemplate. In every case the change is, from the provider's side, a request from a customer, handled in the ordinary way.

The defence here is not technical. It is the deliberate hardening of the procedures the provider will accept. A request that cannot be carried out without an additional check, an in-person attendance, or a recorded callback to the original line, is harder to misuse than one that can be carried out by a single call to a contact centre.

The work, where the principal's situation warrants it, is well-suited to the desk. It begins with understanding which providers hold the foundational identifiers, what their procedures presently allow, and what additional checks they will agree to put in place for an account where this matters. It continues with the periodic review of those arrangements as procedures change.