Comment by explaininjs
2 years ago
You miss the crux of it: the second time onward the clearing houses uses email to authenticate the previously-SMS-verified account.
2 years ago
You miss the crux of it: the second time onward the clearing houses uses email to authenticate the previously-SMS-verified account.
The clearinghouse may not have the user’s most recent email address, which is common amongst non-tech people. My mom and aunts have lost many email addresses this way and forcing them to use an older email would cause many issues.
The app has to ask for email/phone to begin with (see step 1), if the email doesn't match then phone would be used as fallback, or potentially as a "Didn't Receive Code?" gesture.